Vulnerability Development: Re: Possible DHCP DOS attack

Re: Possible DHCP DOS attack

From: C.J. Oster <lordvadr_at_POBOX.COM>
Date: Thu, 3 Feb 2000 11:25:17 -0600

To my understanding, dhcpd will ping the oldest lease(s) when it runs out
to find a free one. I'm not exactly sure about this though, and any
insight would be appreciated.

-CJO-

On Wed, 2 Feb 2000, Paul Keefer wrote:

>I hope this is the right forum for this.
>
>I was contemplating DHCP and how many large organizations
>rely on it today, and I had a vision so to speak. What if
>someone were to use up all of the available leases? That
>would essentially prevent anyone else from obtaining an
>address. That got me thinking to how easy it would be to
>very quickly eat up all the addresses on a server.
>
>It seems like it would be trivial to use a linux box to use
>proxy arping to send out a large number of DHCP requests
>until the server has no more to give out.
>
>This of course assumes that the network is not using
>switches that prevent multiple MACs per port, and that the
>DHCP servers are not configured to give IPs out only to
>specific MACs or something like that.
>
>One thing that would make this particularly insidious is
>that the entire attack would take only moments, and would
>last until the DHCP database was purged or the leases timed
>out.
>
>Has this already been addressed? Am I missing something
>fundamental about DHCP?
>
>

             C.J. Oster (Linux Guru/Surge Addict) cjo_at_pobox.com
   ----------------------------------------------------------------------
          Network Security Manager Unix System Administrator
             For BHNet, Bromley Hall WSG, CCSO, UIUC
          Hoover and Associates oster_at_uiuc.edu
          security_at_bromleygroup.com (217)265-8427
   ----------------------------------------------------------------------

         PGP: 87D5 4216 43A1 42D6 754D 8F5E 24B3 992A B7A1 F556

      Tuition: n. The way you screw your self out of something you
      really want, need, like, or enjoy to learn a simple lesson.
Received on Feb 03 2000
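A detection sketch for the lease-starvation pattern discussed in this thread, added here as an example and not part of either poster's message: it scans constructed ISC dhcpd syslog lines and flags a burst of DHCPDISCOVERs from many distinct client MACs on one interface, plus any "no free leases" report from the server. The log layout, the hostname and the thresholds are assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime
# Constructed ISC dhcpd syslog sample (not from the thread): a burst of DISCOVERs
# from many distinct client MACs on eth0, ending with the pool running dry.
SAMPLE_LOG = """\
Feb  3 11:20:01 dhcpsrv dhcpd: DHCPDISCOVER from 00:11:22:33:44:01 via eth0
Feb  3 11:20:01 dhcpsrv dhcpd: DHCPOFFER on 10.0.0.10 to 00:11:22:33:44:01 via eth0
Feb  3 11:20:02 dhcpsrv dhcpd: DHCPDISCOVER from 00:11:22:33:44:02 via eth0
Feb  3 11:20:02 dhcpsrv dhcpd: DHCPDISCOVER from 00:11:22:33:44:03 via eth0
Feb  3 11:20:03 dhcpsrv dhcpd: DHCPDISCOVER from 00:11:22:33:44:04 via eth0
Feb  3 11:20:03 dhcpsrv dhcpd: DHCPDISCOVER from 00:11:22:33:44:05 via eth0
Feb  3 11:20:04 dhcpsrv dhcpd: DHCPDISCOVER from 00:11:22:33:44:06 via eth0
Feb  3 11:20:05 dhcpsrv dhcpd: DHCPDISCOVER from 00:11:22:33:44:07 via eth0: network 10.0.0.0/24: no free leases
"""
# Assumed layout: "<Mon> <day> <HH:MM:SS> <host> dhcpd: DHCPDISCOVER from <mac> via <if>[: network <net>: no free leases]"
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ dhcpd: DHCPDISCOVER from "
    r"(?P<mac>(?:[0-9a-f]{2}:){5}[0-9a-f]{2}) via (?P<iface>[^\s:]+)"
    r"(?P<nofree>: network \S+: no free leases)?"
)

def parse_discovers(log_text, year=2000):
    """Return (timestamp, mac, interface, pool_exhausted) per DHCPDISCOVER line."""
    events = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # OFFER/ACK/etc. lines are not needed for this check
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        events.append((ts, m["mac"], m["iface"], m["nofree"] is not None))
    return events

def detect_starvation(events, window_s=10, mac_threshold=5):
    """Alert per interface on > mac_threshold distinct MACs within window_s seconds
    (spoofed-MAC flood) or on dhcpd reporting an empty pool; thresholds are assumed."""
    alerts = []
    recent = defaultdict(list)  # iface -> [(ts, mac), ...] still inside the window
    for ts, mac, iface, exhausted in sorted(events):
        if exhausted:
            alerts.append((iface, ts, "pool exhausted"))
        win = recent[iface]
        win.append((ts, mac))
        while (ts - win[0][0]).total_seconds() > window_s:
            win.pop(0)
        distinct = {m for _, m in win}
        if len(distinct) > mac_threshold:
            alerts.append((iface, ts, f"{len(distinct)} distinct MACs in {window_s}s"))
            win.clear()  # one alert per burst
    return alerts
```

On the sample this yields two alerts on eth0: the MAC burst at 11:20:04 and the exhausted pool at 11:20:05; a handful of legitimate clients renewing within the same window stays below the threshold.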
