Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

honeypots logo Honeypots mailing list archives

RE: [inbox] Arpd and DHCP
From: "Curt Purdy" <purdy () tecman com>
Date: Thu, 15 Apr 2004 12:26:10 -0500
Graeme Connell wrote:

  If an attacker is connecting to 192.168.0.1, and another
computer comes online,
  a) will dhcp still serve out the address 192.168.0.1?


yes, unless it is already leased


  b) will honeyd and arpd disrupt services for this newly
connected user until arpd releases the address?


Actually it depends on the OS.  If the attacker is *NIX and the dhcp user is
Windows, the Windows box will thow up it's hands and cry mama.

Curt Purdy CISSP, GSEC, MCSE+I, CNE, CCDA
Information Security Engineer
DP Solutions

----------------------------------------

If you spend more on coffee than on IT security, you will be hacked.
What's more, you deserve to be hacked.
-- White House cybersecurity adviser Richard Clarke

  By Date           By Thread  

Current thread:
  • Arpd and DHCP Graeme Connell (Apr 14)
    • RE: [inbox] Arpd and DHCP Curt Purdy (Apr 15)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]