@Home network subject to DHCP hijacking

From: Roadkill Randu (randy@viopac.com)
Date: 08/26/01

• Previous message: Ron Bradburn: "Re: qpopper and pam.d"
• Next in thread: Matthew Caron: "Re: @Home network subject to DHCP hijacking"
• Reply: Matthew Caron: "Re: @Home network subject to DHCP hijacking"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Date: Sat, 25 Aug 2001 15:20:25 -0700 (PDT)
From: Roadkill Randu <randy@viopac.com>
To: <bugtraq@securityfocus.com>
Subject: @Home network subject to DHCP hijacking
Message-ID: <Pine.LNX.4.33.0108251500460.24913-100000@wreckage.viopac.com>

Greetings:

Problem:

The @Home network assigns IP addresses on a fairly permanent basis to its
subscribers, but it does use DHCP for IP address assignment. It is
trivial matter, however, to take over another @Home account's IP address
by simply providing another customer's ID for the hostname parameter in
DHCP. It is also trivial to acquire this hostname parameter, since all it
requires is 'host @HomeIPaddress' to determine what the customer ID is.

Notification:

I have notified @Home of this problem twice in the last two months. Not
being an expert in DHCP, I do not know what could be done to fix this. I
figure at least using something different than my actual hostname for my
hostname parameter would at least raise the bar to sniffing for DHCP
packets, instead of the trivial hack it currently is.

Reason for this message:

I have had my @Home connection hijacked from me repeatedly in the last six
months. Given @Home's aparent lack of concern for this problem, and the
current mood of ISPs shutting down users without warning whenever the MPAA
rattles it saber, I felt that the larger community needed to be aware of
this potential problem. It should not be this trivially easy for someone
to break the law in your name.

Randy

---

• Previous message: Ron Bradburn: "Re: qpopper and pam.d"
• Next in thread: Matthew Caron: "Re: @Home network subject to DHCP hijacking"
• Reply: Matthew Caron: "Re: @Home network subject to DHCP hijacking"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Relevant Pages [NEWS] @Home Network Subject to DHCP Hijacking ... @Home Network Subject to DHCP Hijacking ... The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com ... (Securiteam) Re: @Home network subject to DHCP hijacking ... @Home network subject to DHCP hijacking ... > It is also trivial to acquire this hostname parameter, ... Not being an expert in DHCP, ... > hostname for my hostname parameter would at least raise the ... (Bugtraq) Re: FreeBSD workstation on Windows network? ... I have a home network w/ DSL and a wireless router. ... is connected to a cable modem and does DHCP. ... Perhaps I could use the FreeBSD machine to make my home network more secure. ... If you want to play SYSV again, ... (comp.unix.bsd.freebsd.misc) Re: Renewing IP Address ... >the simplest ways to secure a home network. ... >turn off DHCP after configuring your own private address space. ... >your DHCP problem and make your home network more secure. ... easy plug and play access when they put new computers in the mix. ... (microsoft.public.windowsxp.general) RE: DHCP Client Problem?? ... If your home network DHCP is on a Windows 2k3 server you ... ipconfig /release ... My laptop connected to a Windows SBS 2003 network with DHCP server ... (microsoft.public.windowsxp.security_admin)

---

• Security
• UNIX
• Linux
• Coding
• Usenet

• News
• Mailing-Lists
• Newsgroups
• Service
• About
• Privacy
• Search
• Imprint

www.derkeiler.com  > Mailing-Lists  > securityfocus  > bugtraq  > 2001-08