Vulnerability Development mailing list archives
Re: Possible DHCP DOS attack
From: tal () XPERT COM (Tal Hornstein)
Date: Thu, 3 Feb 2000 10:02:41 +0200
Paul,

You are essentially right, although you might want to consider the following 2 points:

1- Since addresses already allocated by the DHCP are not vulnerable to such an attack, it will only affect "newcomers" - new machines trying to obtain an IP lease. It is bound to be noticed by the sysadmin after the first machine can't lease an IP.

2- I would assume any security admin in his right mind will not allow DHCP requests from the Internet through the Firewall, thus such an attack can only come from within.

3- If a company employee makes such an attack, his MACs will go in the DHCP and logs, making him easy to spot/stop.

I consider it a low risk, but nice thinking.

T.

Tal Hornstein
System Administrator
Xpert Integrated Systems

-----Original Message-----
From: Paul Keefer [mailto:paul () KEEFER ORG]
Sent: Wednesday, February 02, 2000 11:20 PM
To: VULN-DEV () SECURITYFOCUS COM
Subject: Possible DHCP DOS attack

I hope this is the right forum for this. I was contemplating DHCP and how many large organizations rely on it today, and I had a vision so to speak. What if someone were to use up all of the available leases? That would essentially prevent anyone else from obtaining an address.

That got me thinking to how easy it would be to very quickly eat up all the addresses on a server. It seems like it would be trivial to use a Linux box to use proxy arping to send out a large number of DHCP requests until the server has no more to give out. This of course assumes that the network is not using switches that prevent multiple MACs per port, and that the DHCP servers are not configured to give IPs out only to specific MACs or something like that.

One thing that would make this particularly insidious is that the entire attack would take only moments, and would last until the DHCP database was purged or the leases timed out.

Has this already been addressed? Am I missing something fundamental about DHCP?
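Added example, not part of either post: one way a DHCP server log can surface the two signals discussed above, a burst of never-before-seen MACs and the first newcomer refused a lease. The ISC dhcpd-style syslog format, the thresholds, the function names and the sample lines are all assumptions made for this illustration.

```python
import re
from collections import Counter, deque
from datetime import datetime, timedelta

# Assumed format: ISC dhcpd-style syslog lines; "via" is the interface or relay.
LINE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ dhcpd(?:\[\d+\])?: DHCPDISCOVER from "
    r"(?P<mac>(?:[0-9a-f]{2}:){5}[0-9a-f]{2}) via (?P<via>\S+?)"
    r"(?P<full>: .*no free leases)?$", re.I)

def detect_starvation(lines, window=timedelta(seconds=10), max_new_macs=20, year=2000):
    """Return (time, kind, detail) alerts for new-MAC bursts and pool exhaustion."""
    seen, recent, alerts = set(), deque(), []
    in_burst = exhausted = False
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue
        # Syslog timestamps carry no year, so the caller supplies one.
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        mac = m["mac"].lower()
        if m["full"] and not exhausted:
            alerts.append((ts, "pool-exhausted", mac))  # first refused client
            exhausted = True
        if mac in seen:
            continue  # retries and renewals from known clients are not counted
        seen.add(mac)
        recent.append((ts, m["via"]))
        while ts - recent[0][0] > window:  # keep only first-seen MACs in the window
            recent.popleft()
        if len(recent) > max_new_macs and not in_burst:
            via = Counter(v for _, v in recent).most_common(1)[0][0]
            alerts.append((ts, "new-mac-burst", via))  # report once per burst
            in_burst = True
        elif len(recent) <= max_new_macs:
            in_burst = False
    return alerts

def sample_log():
    """Constructed log: 3 normal clients, 30 new MACs in 3 s, then a refused newcomer."""
    out = [f"Feb  3 09:{m:02d}:00 gw dhcpd: DHCPDISCOVER from 00:10:5a:00:00:{m:02x} via eth0"
           for m in (1, 15, 40)]
    out += [f"Feb  3 10:02:{i // 10:02d} gw dhcpd: DHCPDISCOVER from 02:00:00:00:00:{i:02x} via eth1"
            for i in range(30)]
    out.append("Feb  3 10:05:00 gw dhcpd: DHCPDISCOVER from 00:10:5a:00:00:99 via eth0: "
               "network 10.0.0.0/24: no free leases")
    return out

if __name__ == "__main__":
    for alert in detect_starvation(sample_log()):
        print(*alert)
```

The burst alert fires while addresses are still being handed out, before the first newcomer is refused; the `via` value only narrows the source to a server interface or relay, so locating the machine still depends on switch-side data.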