Home page logo

pen-test logo Penetration Testing mailing list archives

Re: Getting Printer IP Addresses Prior to Pen Testing - Question About DHCP
From: Brendan Murray <xasperated () gmail com>
Date: Thu, 22 Sep 2005 10:48:06 +1200

DHCP can be configured to offer a fixed IP to a fixed MAC address. If
you know the MAC of the printer then you should be able to craft a
suitable DHCP request and monitor for the result. I guess if you're on
the lan and in the right place you can deduce the mac of the printers
by sniffing for lpd and jetdirect traffic which might be useful, or of
course if its only the ip you care about the sniffing for lpd and
jetdirect will tell you what you need anyway.  Over time if those IPs
are seen to generate other protocol traffic then you know they're not

Possibly, and I haven't tried this but might, you could try sending a
DHCPRELEASE with the IP  and MAC of the printer and then send a
DHCPREQUEST with the MAC of the printer and see if you get the same
IP.  Other possibilities with RENEW of the DHCPREQUEST might also
provide some information. Again I've never needed to try this.

Or you could just set up and request lots and lots and lots of IP
addresses from the DHCP server. Over some period (the lease time and
depending on when things are turned off on the net) you can find out
what ip addresses are offered to  the common ruck from the DHCP
server. This will DOS the LAN over time of course so you might not be

On 9/21/05, Marjorie Rintoul <mrintoul2 () hotmail com> wrote:
DHCP allocates IP addresses dynamically.  How does DHCP know which (fixed
printer) IP addresses to stay away from?  Does anyone know of a way to get
this list?

Audit your website security with Acunetix Web Vulnerability Scanner:

Hackers are concentrating their efforts on attacking applications on your
website. Up to 75% of cyber attacks are launched on shopping carts, forms,
login pages, dynamic content etc. Firewalls, SSL and locked-down servers are
futile against web application hacking. Check your website for vulnerabilities
to SQL injection, Cross site scripting and other web attacks before hackers do!
Download Trial at:


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]