Vulnerability Development: Re: Possible DHCP DOS attack

Re: Possible DHCP DOS attack

From: Matthew S. Hallacy <poptix_at_HYDROGEN.POPTIX.NET>
Date: Fri, 4 Feb 2000 00:08:06 -0600

I've encountered something like this, the machines that were going out to
customers were plugged in to make sure they worked, with a lot of
computers going through the shop the dhcp server ran out of leases, it
merely said 'out of leases' and refused to pass any new ones out.

Redhat 6.1

[root_at_fw /root]# dhcpd --version
Internet Software Consortium DHCP Server
Copyright 1995, 1996, 1997, 1998, 1999 The Internet Software Consortium.

On Thu, 3 Feb 2000, C.J. Oster wrote:

> To my understanding, dhcpd will ping the oldest lease(s) when it runs out
> to find a free one. I'm not exactly sure about this though, and any
> insight would be appreciated.
>
> -CJO-
>
> On Wed, 2 Feb 2000, Paul Keefer wrote:
>
> >I hope this is the right forum for this.
> >
> >I was contemplating DHCP and how many large organizations
> >rely on it today, and I had a vision so to speak. What if
> >someone were to use up all of the available leases? That
> >would essentially prevent anyone else from obtaining an
> >address. That got me thinking to how easy it would be to
> >very quickly eat up all the addresses on a server.
> >
> >It seems like it would be trivial to use a linux box to use
> >proxy arping to send out a large number of DHCP requests
> >until the server has no more to give out.
> >
> >This of course assumes that the network is not using
> >switches that prevent multiple MACs per port, and that the
> >DHCP servers are not configured to give IPs out only to
> >specific MACs or something like that.
> >
> >One thing that would make this particularly insidious is
> >that the entire attack would take only moments, and would
> >last until the DHCP database was purged or the leases timed
> >out.
> >
> >Has this already been addressed? Am I missing something
> >fundamental about DHCP?
> >
> >
>
> C.J. Oster (Linux Guru/Surge Addict) cjo_at_pobox.com
> ----------------------------------------------------------------------
> Network Security Manager Unix System Administrator
> For BHNet, Bromley Hall WSG, CCSO, UIUC
> Hoover and Associates oster_at_uiuc.edu
> security_at_bromleygroup.com (217)265-8427
> ----------------------------------------------------------------------
>
> PGP: 87D5 4216 43A1 42D6 754D 8F5E 24B3 992A B7A1 F556
>
> Tuition: n. The way you screw your self out of something you
> really want, need, like, or enjoy to learn a simple lesson.
>
Received on Feb 04 2000
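
For operators who want to notice the lease-pool condition discussed in this thread, the following is an added example (not part of the original posts, and not ISC dhcpd code) that scans DHCP server syslog lines for a burst of distinct client MACs and counts "no free leases" refusals. The log line format is an assumption modeled on dhcpd syslog output; the sample lines, the thresholds and the year used to parse timestamps are constructed.

```python
import re
from collections import deque
from datetime import datetime, timedelta

# Assumed syslog shape: "<Mon D HH:MM:SS> <host> dhcpd: DHCPDISCOVER from <mac> via <if>[: ...: no free leases]"
LINE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s[\d:]{8})\s\S+\sdhcpd(?:\[\d+\])?:\s"
    r"DHCPDISCOVER from (?P<mac>[0-9a-f:]{17}) via (?P<ifc>\S+?)"
    r"(?::.*?(?P<full>no free leases))?$"
)

# Constructed sample: two ordinary clients, a burst of 8 new MACs, then refusals.
SAMPLE = [
    "Feb  4 00:01:00 fw dhcpd: DHCPDISCOVER from 00:10:4b:aa:00:01 via eth0",
    "Feb  4 00:03:10 fw dhcpd: DHCPDISCOVER from 00:10:4b:aa:00:02 via eth0",
] + [
    f"Feb  4 00:05:{s:02d} fw dhcpd: DHCPDISCOVER from 02:00:00:00:00:{s:02x} via eth0"
    for s in range(8)
] + [
    "Feb  4 00:05:08 fw dhcpd: DHCPDISCOVER from 00:10:4b:aa:00:03 via eth0: network 10.0.0.0/24: no free leases",
    "Feb  4 00:05:09 fw dhcpd: DHCPDISCOVER from 00:10:4b:aa:00:04 via eth0: network 10.0.0.0/24: no free leases",
]

def detect(lines, window=timedelta(seconds=10), max_macs=5, year=2000):
    """Return (alerts, refusals): bursts of distinct MACs and 'no free leases' count."""
    recent = deque()          # (time, mac) of DISCOVERs still inside the window
    alerts, refusals = [], 0
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue          # not a DHCPDISCOVER line in the assumed format
        # syslog omits the year, so one is supplied (assumption) for parsing
        t = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        if m["full"]:
            refusals += 1     # server reported the pool as exhausted
        recent.append((t, m["mac"]))
        while t - recent[0][0] > window:
            recent.popleft()  # drop requests older than the window
        macs = {mac for _, mac in recent}
        # one alert per window, so a sustained burst does not flood the operator
        if len(macs) > max_macs and (not alerts or t - alerts[-1]["time"] > window):
            alerts.append({"time": t, "interface": m["ifc"], "distinct_macs": len(macs)})
    return alerts, refusals

if __name__ == "__main__":
    found, refused = detect(SAMPLE)
    for a in found:
        print(f"{a['time']:%H:%M:%S} {a['interface']}: {a['distinct_macs']} distinct MACs in window")
    print(f"'no free leases' refusals: {refused}")
```

The window and MAC threshold need tuning per network: a shop bench-testing many machines, as described in the reply above, produces the same refusals without any burst alert.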
