Home page logo

fulldisclosure logo Full Disclosure mailing list archives

Re: [SPAM] Stealing DHCP Leases
From: Hugo van der Kooij <hvdkooij () vanderkooij org>
Date: Wed, 13 Oct 2004 07:52:44 +0200 (CEST)

On Tue, 12 Oct 2004, Ian Holm wrote:

I was noticing that the number of DHCP address in the DHCP cache was running
low so I decided to check which computers were assigned to each address. To
my horror I saw that there were 81 addresses assigned at exactly the same
time and all expired at exactly the same time. I'm assuming that these were
all assigned to the same machine. How is this possible? Where could I learn
about this and how to prevent it?

Any decent log will show you the MAC level address. So go out and
investigate the machine.

There are plenty of known and documented ways of depleting a DHCP pool in
microseconds. A simple google search will do the trick.


        I hate duplicates. Just reply to the relevant mailinglist.
        hvdkooij () vanderkooij org             http://hvdkooij.xs4all.nl/
                Don't meddle in the affairs of magicians,
                for they are subtle and quick to anger.

Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]