Vulnerability Development mailing list archives

Re: Possible DHCP DOS attack


From: bofh () DIEGEEKDIE COM (Sebastian Andersson)
Date: Thu, 3 Feb 2000 08:58:50 +0100


On Wed, Feb 02, 2000 at 09:19:52PM -0000, Paul Keefer wrote:
> Has this already been addressed?  Am I missing something
> fundamental about DHCP?

No, this would work in many places. In a completely switched network,
you find the computer pretty soon by looking at the MAC/port tables
(after you find some suspect MAC addresses from the DHCP server).
Most switched networks allow you to trace all MAC addresses to the right
port. From there you can find the computer via pull&plug or with a network
sniffer.

You can protect your DHCP server from this by requiring that new MAC
addresses be authorized before they can be used (or assigned to a
limited pool until they are authorized).

There are more fun ways to play with DHCP though. Why not answer
yourself? Tell the client about your own DNS server, your own WINS
server, your own gateway... Pretty easy to capture all interesting
traffic you want to/from that computer or DOS the computer or whatever.

/Sebastian
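
The tracing step described in the message above, as an added example that is not part of the original post: it matches MAC addresses seen by the DHCP server against a switch MAC/port table and reports access ports holding many of them. The table format, port names, uplink list and threshold are assumptions, and all sample data is constructed.

```python
import re
from collections import defaultdict

# Constructed sample: MACs that recently took leases, as a DHCP server might list them.
LEASED_MACS = [
    "02:00:00:aa:00:01", "02:00:00:aa:00:02", "02:00:00:aa:00:03",
    "02:00:00:aa:00:04", "00:10:5a:12:34:56", "00:60:08:ab:cd:ef",
]

# Constructed sample of a switch MAC/port table (assumed columns: vlan, mac, type, port).
MAC_TABLE = """\
10  0200.00aa.0001  dynamic  Fa0/7
10  0200.00aa.0002  dynamic  Fa0/7
10  0200.00aa.0003  dynamic  Fa0/7
10  0200.00aa.0004  dynamic  Fa0/7
10  0010.5a12.3456  dynamic  Fa0/3
10  0060.08ab.cdef  dynamic  Gi0/1
10  0200.00aa.0001  dynamic  Gi0/1
"""

def norm_mac(mac):
    """Reduce colon, dash or dotted MAC notation to 12 lowercase hex digits."""
    digits = re.sub(r"[^0-9a-fA-F]", "", mac).lower()
    if len(digits) != 12:
        raise ValueError(f"not a MAC address: {mac!r}")
    return digits

def parse_mac_table(text):
    """Yield (mac, port) pairs from the assumed four-column table format."""
    for line in text.splitlines():
        fields = line.split()
        if len(fields) == 4:
            yield norm_mac(fields[1]), fields[3]

def suspect_ports(leased_macs, table_text, uplinks=(), threshold=3):
    """Return {port: sorted MACs} for non-uplink ports with >= threshold leased MACs."""
    leased = {norm_mac(m) for m in leased_macs}
    by_port = defaultdict(set)
    for mac, port in parse_mac_table(table_text):
        # Uplinks legitimately carry many MACs, so they are excluded.
        if mac in leased and port not in uplinks:
            by_port[port].add(mac)
    return {p: sorted(m) for p, m in by_port.items() if len(m) >= threshold}

if __name__ == "__main__":
    found = suspect_ports(LEASED_MACS, MAC_TABLE, uplinks={"Gi0/1"})
    for port, macs in found.items():
        print(port, len(macs), "leased MACs:", ", ".join(macs))
```

An access port normally carries one or two MAC addresses, so a port that accounts for many recent leases is the one to inspect first.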

