Vulnerability Development mailing list archives

Re: Possible DHCP DOS attack


From: BlueBoar () THIEVCO COM (Blue Boar)
Date: Fri, 4 Feb 2000 22:11:52 -0800


Vladimir Dubrovin wrote:

> DHCP requests can't come from Internet. Support of BootP relay agent
> (RFC 1532/1542) is required for routing requests between 2 networks.
> DHCP requests use 0.0.0.0 as both SRC and DST address.

Not sure if you're saying what I think or not.  If you do DHCP forwarding
between subnets (BootP relay) the packet will take on the destination of
the listed DHCP servers, and a source IP of the router.  Because of that,
it's quite possible to send DHCP requests all the way across the Internet.
NT RAS servers do similar, using their own IP.  Both these situations work
fine with the few DHCP servers I've worked with.

> P.S. Someone said DHCP "pings" old leases. He's wrong. DHCP will never
> release lease before it's expired.

The only "pinging" I've seen various DHCP servers do is to ping an IP at
some time before they give it out.  You're correct, they won't take back a
lease just because something becomes unpingable.  It's perfectly legal for
a host to retain a lease while it goes home with its owner over the
weekend.

                                                BB
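
The relay behaviour discussed in this message, as an added example that is not part of the original post: a server-side check that parses the fixed BOOTP header (RFC 951 layout) and accepts a relayed request (non-zero giaddr) only when the packet's source address is a known relay agent. The function names, the allowlist and all addresses are constructed for illustration.

```python
import ipaddress
import struct

# Start of the fixed BOOTP header: op, htype, hlen, hops, xid, secs, flags,
# ciaddr, yiaddr, siaddr, giaddr, chaddr. sname (64) and file (128) follow.
BOOTP_HEAD = struct.Struct("!BBBBIHH4s4s4s4s16s")
BOOTP_MIN_LEN = 236   # full fixed header, before the options field
BOOTREQUEST = 1
MAX_HOPS = 16         # RFC 1542: requests with more hops are discarded

# Assumption: the relay agents this server expects (constructed address).
TRUSTED_RELAYS = {ipaddress.ip_address("192.0.2.1")}


def classify_request(src_ip, payload, trusted=TRUSTED_RELAYS):
    """Return 'direct', 'relayed' or a 'reject: ...' reason."""
    if len(payload) < BOOTP_MIN_LEN:
        return "reject: truncated"
    fields = BOOTP_HEAD.unpack_from(payload)
    op, hops, giaddr = fields[0], fields[3], ipaddress.ip_address(fields[10])
    if op != BOOTREQUEST:
        return "reject: not a request"
    if giaddr.is_unspecified:
        # No relay touched it: a client broadcast or a unicast renewal.
        return "direct"
    if hops > MAX_HOPS:
        return "reject: hop limit"
    # A relay rewrote the packet, so the IP source is the relay (router)
    # address; accept it only if that relay is one we know about.
    if ipaddress.ip_address(src_ip) not in trusted:
        return "reject: unknown relay"
    return "relayed"


def build_request(giaddr, hops):
    """Constructed sample BOOTREQUEST with the given giaddr and hop count."""
    zero = bytes(4)
    head = BOOTP_HEAD.pack(BOOTREQUEST, 1, 6, hops, 0x1234, 0, 0, zero, zero,
                           zero, ipaddress.ip_address(giaddr).packed,
                           b"\x02" * 6)
    return head + bytes(BOOTP_MIN_LEN - len(head))


if __name__ == "__main__":
    for src, gi, hops in [("0.0.0.0", "0.0.0.0", 0),
                          ("192.0.2.1", "10.1.2.1", 1),
                          ("203.0.113.9", "10.1.2.1", 1)]:
        print(src, gi, classify_request(src, build_request(gi, hops)))
```

UDP source addresses can be forged, so a check like this complements filtering of UDP ports 67/68 at the network border and does not replace it.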

