Re: protecting DHCP servers

From: Matt.Carpenter@alticor.com
Date: 05/21/02


To: sgifford@suspectclass.com
From: Matt.Carpenter@alticor.com
Date: Tue, 21 May 2002 12:29:41 -0400


Since Scott didn't specifically say it, I will: Yes, DHCP can be exploited
remotely. Network Management Systems are able to keep track of DHCP
servers this way. Directed, or Unicast, UDP traffic should illicit similar
response as the broadcast UDP traffic used by normal DHCP requests.

Scott Gifford <sgifford@suspectclass.com>
>Akop Pogosian <akopps@CSUA.Berkeley.EDU> writes:
>
>
>[...]>
>
>> My question is, is it possible for an attacker who comes from
>> outside of the trusted subnets to which dhcp server connects
>> directly to spoof the IP source address to look like 0.0.0.0 in
>> order to run an exploit on dhcpd? If yes, how can I prevent this?
>
>Block it at your border router, along with other Martian packets.
>
>Blocking the DHCP ports at the router also isn't a half-bad idea.



Relevant Pages

  • Re: register
    ... I do not intend to change DNS or DHCP servers. ... have read everything I can get my hands on regarding DHCP Client. ... DHCP client service is needed for registration and renewal ...
    (microsoft.public.windows.server.general)
  • Re: networking private and public hosts questions
    ... DHCP isn't going to "help". ... you need to run NAT. ... Move all the Servers to the private side of the Firewall and start ... Controllers must point to themselves in thier DNS Setting and the ISP's DNS ...
    (microsoft.public.win2000.networking)
  • Re: Dynamic DNS, DNS Records & Scavenging
    ... There are two DHCP ... Both the servers are set to update A and PTR records for clients. ... DNS however this doesn't seem to be the case. ... DNSUpdateProxy and when i did this i saw my test laptop register its ...
    (microsoft.public.windows.server.dns)
  • Re: DHCP
    ... Open the event in event viewer, under the 2 arrows is a copy button, click it and paste it into the posting. ... "Meinolf Weber" wrote: ... I do not intend to change DNS or DHCP servers. ...
    (microsoft.public.windows.server.general)
  • Re: DHCP
    ... I do not intend to change DNS or DHCP servers. ... Since these machines are DHCP Client Windows Server 2003 machines with ...
    (microsoft.public.windows.server.general)