Nmap Development mailing list archives
Re: [NSE] Changes to dhcp-discover and dhcp.lua
From: Patrik Karlsson <patrik () cqure net>
Date: Thu, 29 Dec 2011 09:19:12 +0100
> I absolutely agree with separating the DoS function into another script. Running anything that mentions DoS in my environment brings the wrath of management down on me. I would also like to throw in my vote for re-supporting as many variations as possible. I think that getting information of all kinds from a network is one of Nmap's strengths.
>
> +1.
>
> Regards,
> Duarte Silva

Dan,
I spent way too much time on this yesterday and failed to successfully implement the new DoS script. I can't even get it to work with the old script, the reason being that according to RFC 2131 the IP address is not allocated until the server accepts the DHCPREQUEST request. In the old script this request is never being sent, but I guess poorly implemented DHCP servers could be exhausted just by running DHCPDISCOVER. In my case what happens is that the IPs simply get recycled and not allocated.

The next problem is that my two DHCP servers (one running on Ubuntu dnsmasq and another running in my TimeCapsule) fail to accept my DHCPREQUEST as it's not coming from 0.0.0.0, as stated in section 4.1 of the RFC: "DHCP messages broadcast by a client prior to that client obtaining its IP address must have the source address field in the IP header set to 0." I tried to get this working by using the raw ip_send code, but as soon as I put source address 0.0.0.0 in it falls back to my current address. Using 0.0.0.1 works though, so I'm not sure what's wrong.

Anyway, I removed the DoS code from dhcp-discover and changed it to be in the safe and discover categories, and pretty much gave up on the dhcp-dos script. If anyone can figure out how to send packets from 0.0.0.0 please let me know, otherwise I'm adding this to the bottom of my todo list.

Cheers,
Patrik

--
Patrik Karlsson
http://www.cqure.net
http://twitter.com/nevdull77

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/
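The two RFC 2131 behaviours Patrik runs into above (an address is only bound once the server accepts a DHCPREQUEST, and a client that has no address yet must send from IP source 0.0.0.0, section 4.1) are easier to see in a small model of the server side. The following is an added example written for this archive page; it is not code from the thread, from dhcp.lua or from Nmap. It encodes and decodes RFC 2131 messages (fixed 236-byte BOOTP header, magic cookie, TLV options 53/50/54) and models a lease pool that offers on DISCOVER without committing, drops messages that break the section 4.1 source-address rule (as dnsmasq did for Patrik), and binds only on an accepted REQUEST. The `LeasePool` class, its `expire_offers` method and all addresses and MACs are constructed for the example and are not part of any real server.

```python
"""RFC 2131 message encoding and a minimal server-side lease model (constructed example)."""
import socket
import struct

BOOTREQUEST = 1
OPT_MSG_TYPE, OPT_REQUESTED_IP, OPT_SERVER_ID, OPT_END = 53, 50, 54, 255
DHCPDISCOVER, DHCPOFFER, DHCPREQUEST, DHCPACK, DHCPNAK = 1, 2, 3, 5, 6
MAGIC_COOKIE = b"\x63\x82\x53\x63"
HEADER_FMT = "!BBBBIHH4s4s4s4s16s64s128s"  # op, htype, hlen, hops, xid, secs, flags,
                                            # ciaddr, yiaddr, siaddr, giaddr, chaddr, sname, file


def build_dhcp(msg_type, xid, chaddr, ciaddr="0.0.0.0", options=()):
    """Encode a client message: 236-byte BOOTP header, magic cookie, option 53 plus extras, END."""
    hdr = struct.pack(HEADER_FMT, BOOTREQUEST, 1, len(chaddr), 0, xid, 0, 0x8000,
                      socket.inet_aton(ciaddr), b"\0" * 4, b"\0" * 4, b"\0" * 4,
                      chaddr.ljust(16, b"\0"), b"\0" * 64, b"\0" * 128)
    opts = bytes([OPT_MSG_TYPE, 1, msg_type])
    for code, value in options:
        opts += bytes([code, len(value)]) + value
    return hdr + MAGIC_COOKIE + opts + bytes([OPT_END])


def parse_dhcp(data):
    """Decode the header fields the server needs and the option TLVs into a dict."""
    fields = struct.unpack(HEADER_FMT, data[:236])
    if data[236:240] != MAGIC_COOKIE:
        raise ValueError("missing DHCP magic cookie")
    opts, i = {}, 240
    while i < len(data) and data[i] != OPT_END:
        if data[i] == 0:          # option 0 is a single pad byte
            i += 1
            continue
        code, ln = data[i], data[i + 1]
        opts[code] = data[i + 2:i + 2 + ln]
        i += 2 + ln
    return {"xid": fields[4], "ciaddr": socket.inet_ntoa(fields[7]),
            "chaddr": fields[11][:fields[2]], "type": opts[OPT_MSG_TYPE][0], "options": opts}


def violates_rfc2131_4_1(src_ip, msg):
    """Section 4.1: before the client has an address (DISCOVER, or REQUEST with ciaddr
    still zero, i.e. SELECTING/INIT-REBOOT) the IP source must be 0.0.0.0."""
    needs_zero = msg["type"] == DHCPDISCOVER or (
        msg["type"] == DHCPREQUEST and msg["ciaddr"] == "0.0.0.0")
    return needs_zero and src_ip != "0.0.0.0"


class LeasePool:
    """Constructed server model: OFFER only reserves tentatively; ACK on REQUEST binds."""

    def __init__(self, server_ip, addresses):
        self.server_ip = server_ip
        self.free = list(addresses)
        self.offers = {}   # chaddr -> tentatively offered address
        self.bound = {}    # chaddr -> committed lease

    def handle(self, src_ip, data):
        """Return (reply type, address) or None when the message is dropped."""
        msg = parse_dhcp(data)
        if violates_rfc2131_4_1(src_ip, msg):
            return None                      # strict servers silently ignore these
        mac = msg["chaddr"]
        if msg["type"] == DHCPDISCOVER:
            if mac in self.bound:
                return DHCPOFFER, self.bound[mac]
            if mac not in self.offers:
                if not self.free:
                    return None              # nothing left to offer right now
                self.offers[mac] = self.free.pop(0)
            return DHCPOFFER, self.offers[mac]
        if msg["type"] == DHCPREQUEST:
            sid = msg["options"].get(OPT_SERVER_ID)
            want = msg["options"].get(OPT_REQUESTED_IP)
            if sid is None or socket.inet_ntoa(sid) != self.server_ip:
                return None                  # client chose another server's offer
            wanted = socket.inet_ntoa(want) if want else None
            if self.offers.get(mac) == wanted:
                self.bound[mac] = self.offers.pop(mac)   # address is bound only here
                return DHCPACK, self.bound[mac]
            if self.bound.get(mac) == wanted:
                return DHCPACK, wanted       # renewal of an existing binding
            return DHCPNAK, None
        return None

    def expire_offers(self):
        """Offers never followed by a REQUEST are reclaimed; real servers do this on a timer."""
        self.free.extend(self.offers.values())
        self.offers.clear()


if __name__ == "__main__":
    pool = LeasePool("192.0.2.1", ["192.0.2.10"])
    mac = b"\x00\x11\x22\x33\x44\x55"
    print(pool.handle("0.0.0.0", build_dhcp(DHCPDISCOVER, 0x1234, mac)))   # (2, '192.0.2.10')
    req = build_dhcp(DHCPREQUEST, 0x1234, mac, options=[
        (OPT_REQUESTED_IP, socket.inet_aton("192.0.2.10")),
        (OPT_SERVER_ID, socket.inet_aton("192.0.2.1"))])
    print(pool.handle("192.0.2.50", req))   # None: source is not 0.0.0.0 (section 4.1)
    print(pool.handle("0.0.0.0", req))      # (5, '192.0.2.10')
```

Running the model with more DISCOVERs than addresses shows exactly what Patrik observed: the pool is only tentatively exhausted, and once `expire_offers` runs the addresses come back, because nothing was ever bound. The `violates_rfc2131_4_1` check is the same rule the two servers in the thread enforce, so a REQUEST that arrives from the host's real address is dropped rather than answered.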
Current thread:
- [NSE] Changes to dhcp-discover and dhcp.lua Patrik Karlsson (Dec 27)
- Re: [NSE] Changes to dhcp-discover and dhcp.lua Daniel Miller (Dec 27)
- Re: [NSE] Changes to dhcp-discover and dhcp.lua Duarte Silva (Dec 27)
- Re: [NSE] Changes to dhcp-discover and dhcp.lua Patrik Karlsson (Dec 29)
- Re: [NSE] Changes to dhcp-discover and dhcp.lua Duarte Silva (Dec 27)
- Re: [NSE] Changes to dhcp-discover and dhcp.lua Daniel Miller (Dec 27)
