Home page logo
/

fulldisclosure logo Full Disclosure mailing list archives

Re: [SPAM] Stealing DHCP Leases
From: "VeNoMouS" <venom () gen-x co nz>
Date: Wed, 13 Oct 2004 19:18:40 +1300

if the dhcpd is by isc and the dhcpd is running on *nix just cat /var/state/dhcp/dhcpd.leases.


----- Original Message ----- From: "Hugo van der Kooij" <hvdkooij () vanderkooij org>
To: <full-disclosure () lists netsys com>
Sent: Wednesday, October 13, 2004 6:52 PM
Subject: Re: [SPAM] [Full-disclosure] Stealing DHCP Leases


On Tue, 12 Oct 2004, Ian Holm wrote:

I was noticing that the number of DHCP address in the DHCP cache was running low so I decided to check which computers were assigned to each address. To
my horror I saw that there were 81 addresses assigned at exactly the same
time and all expired at exactly the same time. I'm assuming that these were all assigned to the same machine. How is this possible? Where could I learn
about this and how to prevent it?

Any decent log will show you the MAC level address. So go out and
investigate the machine.

There are plenty of known and documented ways of depleting a DHCP pool in
microseconds. A simple google search will do the trick.

Hugo.

--
I hate duplicates. Just reply to the relevant mailinglist.
hvdkooij () vanderkooij org http://hvdkooij.xs4all.nl/
Don't meddle in the affairs of magicians,
for they are subtle and quick to anger.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault