Vulnerability Development mailing list archives
Re: IP Spoofing with DHCP ?
From: "Matthew S. Hallacy" <mhallacy () MERCURY XTRATYME COM>
Date: Mon, 18 Sep 2000 18:31:30 -0500
Well, I use DHCP on our wireless network, and assign static IP's based on mac address, it makes it a lot easier to track users, and if we ever have to renumber, it's painless with the help of a short perl script. -poptix On Mon, 18 Sep 2000, Bryce Walter wrote:
Why in the heck would anybody ever do authentication based upon IP address in a DHCP environment? Security issues aside, this would be completely pointless and ineffective. While the IP address of a given computer tends to stabilize out and will usually keep renewing the same IP address, an Admin will know that there will be enough IP changes over time that he won't want to go down that path. Anytime a user's IP address changes and is subsequently locked out of something will result in a phone call that eventually lands on his desk. As far as what you propose, yeah if you find a DHCP network thats relying on IP address for authentication, that attack would work in theory. But if you have a network admin that doesn't see a problem with that environment, chances are there will be security gaps in the network at every turn.Hi I have a question concerning the DHCP protocol. I've heard that this protocol could allow a user to choose he's own IP address if it isn't already assigned to another user. I was wondering if a network using DHCP to assign IP addresses and authenticating users upon their IP address could lead to a breach (i know authentication upon IP address has never been a good security) but in theory would it be possible for an attacant to DoS a user's box and then spoof his IP before the ping timeout in order to be authentified as the user ? Thanks for the help_________________________________________________________________________ Get Your Private, Free E-mail from MSN Hotmail at http://www.hotmail.com. Share information about yourself, create your own public profile at http://profiles.msn.com.
Current thread:
- Re: C versus other languages, round 538 or so (Re: CGI scriptsinsh), (continued)
- Re: C versus other languages, round 538 or so (Re: CGI scriptsinsh) Bluefish (P.Magnusson) (Sep 27)
- Re: C versus other languages, round 538 or so (Re: CGI scriptsinsh) Jonathan James (Sep 28)
- Re: C versus other languages, round 538 or so (Re: CGI scriptsinsh) Reid Nichol (Sep 29)
- Re: C versus other languages, round 538 or so (Re: CGI scriptsinsh) Adam Clarke (Sep 28)
- Re: C versus other languages, round 538 or so (Re: CGI scriptsin sh) Ben Galehouse (Sep 30)
- Re: C versus other languages, round 538 or so (Re: CGI scripts in sh) Ben Galehouse (Sep 27)
- Re: C versus other languages, round 538 or so (Re: CGI scripts in sh) Jonathan James (Sep 27)
- Re: C versus other languages,round 538 or so (Re: CGI scripts in sh) Crispin Cowan (Sep 28)
- Re: C versus other languages, round 538 or so (Re: CGI scripts in sh) Ryan Masters (Sep 24)
- Re: IP Spoofing with DHCP ? Matthew S. Hallacy (Sep 19)