Home page logo
/

basics logo Security Basics mailing list archives

Re: Re: Re: RE: Down with DHCP!!!!
From: me () yahoo com
Date: 26 Feb 2006 14:56:06 -0000

Read RFC 2131 for some insight into this protocol.

"A host should not act as a DHCP server unless explicitly configured to do so by a system administrator. "

"7. Security Considerations

[SNIP] Therefore, DHCP in its current form is quite insecure.

Unauthorized DHCP servers may be easily set up. Such servers can then send false and potentially disruptive information 
to clients such as incorrect or duplicate IP addresses, incorrect routing information (including spoof routers, etc.), 
incorrect domain nameserver addresses (such as spoof nameservers), and so on. Clearly, once this seed information is in 
place, an attacker can further compromise affected systems.

Malicious DHCP clients could masquerade as legitimate clients and retrieve information intended for those legitimate 
clients. Where dynamic allocation of resources is used, a malicious client could claim all resources for itself, 
thereby denying resources to legitimate clients. "


You decide, but your response didn't address any real issues.  Spend an afternoon with perl devising attacks against 
DHCP from both the rogue client and malicious server perspectives and decide if it has any place on a network you 
_TRULY_ wish to secure.  

DHCP is fine for places where you don't care about security or already have truly secured physical access - otherwise 
you are providing an attcker with an on/off switch to your network.  

DHCP is a security disaster looking for a place to happen.  The protocol designers knew it and anyone with an inkling 
of security knowledge realizes it.  If you have managed switches to the desktop, or have the infrastructure to fully 
deploy 802.1x to *ALL* of the devices on your network, more power to you; but anyone in any environment with those 
resources doesn't _need_ DHCP.  

48 bits of entropy is harder to manage than 32.    

My $.02 (given I've spent a bit of time researching the subject)...

-AC

---------------------------------------------------------------------------
EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE
The Norwich University program offers unparalleled Infosec management 
education and the case study affords you unmatched consulting experience. 
Tailor your education to your own professional goals with degree 
customizations including Emergency Management, Business Continuity Planning, 
Computer Emergency Response Teams, and Digital Investigations. 

http://www.msia.norwich.edu/secfocus
---------------------------------------------------------------------------


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]