Vulnerability Development mailing list archives
Re: Possible DHCP DOS attack
From: techs () OBFUSCATION ORG (Erik Fichtner)
Date: Fri, 4 Feb 2000 00:37:39 -0500
On Thu, Feb 03, 2000 at 11:25:17AM -0600, C.J. Oster wrote:
> To my understanding, dhcpd will ping the oldest lease(s) when it runs out to find a free one. I'm not exactly sure about this though, and any insight would be appreciated.
Yeah. One DoS on dhcp, however, is to sniff the network and wait for a dhcp request to come ambling by, then race the server and forge an icmp echo_reply back to the dhcp server, since dhcpd (at least the ISC one, probably others) will attempt to ping an address to see if it's available before it hands it out. If you do this, you'll get the server to abandon the address as unusable, and if you're persistent enough, you'll use 'em all up. And if you can find some way to bog the dhcp server down and make it slow to get around to generating the ping, you're pretty much guaranteed to win the race.

Of course, you can just comment out the code in dhcp.c that pings before handing out a lease, but the server becomes a little less flexible that way.

It's a well known issue. Among others. Check out the ISC DHCP Mailing List Archive at http://www.isc.org/ml-archives/dhcp-server/

--
Erik Fichtner; Warrior SysAdmin (emf|techs)
34.9908% http://www.obfuscation.org/~techs
N 38 53.055' W 77 21.860' 764 ft.
"What's the most effective Windows NT remote management tool?" "A car." -- Stephen Northcutt
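Added example, not part of the original post or of ISC's code: a detector for the lease exhaustion described above, which scans dhcpd syslog output for bursts of the "Abandoning IP address ...: pinged before offer" message that ISC dhcpd logs when its pre-offer ping is answered. The sample log lines, host name, syslog layout, threshold and window are constructed assumptions.

```python
import re
from collections import deque
from datetime import datetime, timedelta

# Message ISC dhcpd logs when the ping sent before an offer gets an echo reply.
# The surrounding syslog layout (timestamp, host, tag) is an assumed classic BSD format.
ABANDON_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ dhcpd(?:\[\d+\])?: "
    r"Abandoning IP address (?P<ip>\d+\.\d+\.\d+\.\d+): pinged before offer"
)

# Constructed sample input: three abandons in 13 seconds, then an isolated one.
SAMPLE_LOG = """\
Feb  4 00:31:02 gw dhcpd: DHCPDISCOVER from 00:a0:c9:11:22:33 via eth0
Feb  4 00:31:02 gw dhcpd: Abandoning IP address 192.168.1.101: pinged before offer
Feb  4 00:31:09 gw dhcpd: Abandoning IP address 192.168.1.102: pinged before offer
Feb  4 00:31:15 gw dhcpd: Abandoning IP address 192.168.1.103: pinged before offer
Feb  4 02:10:40 gw dhcpd: Abandoning IP address 192.168.1.120: pinged before offer
""".splitlines()

def find_abandon_bursts(lines, threshold=3, window=timedelta(seconds=60), year=2000):
    """Return (first_ts, last_ts, ips) for each window in which at least
    `threshold` distinct addresses were abandoned after a ping reply."""
    recent = deque()  # (timestamp, ip) pairs still inside the sliding window
    bursts = []
    for line in lines:
        m = ABANDON_RE.match(line)
        if not m:
            continue
        # Classic syslog timestamps carry no year, so the caller supplies it.
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        recent.append((ts, m["ip"]))
        while ts - recent[0][0] > window:
            recent.popleft()
        ips = sorted({ip for _, ip in recent})
        if len(ips) >= threshold:
            bursts.append((recent[0][0], ts, ips))
            recent.clear()  # start a fresh window after reporting
    return bursts

if __name__ == "__main__":
    for start, end, ips in find_abandon_bursts(SAMPLE_LOG):
        print(f"{start} .. {end}: {len(ips)} leases abandoned: {', '.join(ips)}")
```

A single abandoned address, like the 02:10:40 entry, is what an ordinary conflict with a statically configured host looks like; many distinct addresses abandoned within seconds is the pattern worth alerting on.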