Re: DoS against DHCP

From: Russell Handorf (rhandorf@mail.russells-world.com)
Date: 01/31/02


Date: Wed, 30 Jan 2002 18:34:35 -0500
To: RSnake <rsnake@shocking.com>, vuln-dev@securityfocus.com
From: Russell Handorf <rhandorf@mail.russells-world.com>


#!/bin/sh
counter=0
if [ $# -eq 0 ]
then
         echo "You're missing the arguement of how many times for me to
repeat."
         exit 1
fi
while [ $counter -le $1 ]
do
         ifconfig eth0 down
         ./changemac -r
         pump
         ifconfig eth0
         coutner=`expr $counter + 1`
done
echo "done"

Contingent on you having changemac or some other way to randomize a new mac
addy.

russ

At 02:20 PM 1/30/2002 -0800, you wrote:

> I came up with this about a year back at DefCon, and told some
> friends
>in hopes that either they or I would do something with it, but none of us had
>time so here goes, and please feel free to write this yourself. DoS against
>DHCP:
>
> A DHCP server has only a certain amount of addresses availible. If
>you (a single malicious machine connected to the network) actively take up all
>availible IP address, and compete against the machines that are currently
>connected you should be able to completely take all availible IP addresses and
>block access to the DHCP server. You could do this by opening many interfaces
>on a linux box and asking for many DHCP addresses and lying that you connected
>before any competing machines (or DoS the competing machine directly until the
>DHCP server releases the IP address to you).
>
> This combined with war-driving could take down any DHCP IP address
>block within wireless range. Kinda nasty, but only effective as long as you
>stay connected to the network, so a compromised machine on the network
>might be
>necessary for extended DoS. Probably the way around this would be a) some
>sort
>of authentication to log into the DHCP server and or b) using leap or
>something
>similar. MAC addresses are spoofable, so it probably wouldn't be a good idea
>to limit the number of times a particular MAC address connects to the network,
>as that would just be a sloppy obfuscation. DHCP has always seemed like a bad
>idea to me. Sorry if this seems obvious.

==================================
Russell Handorf
oooo, shiney ::Wanders after it::

www.russells-world.com
www.philly2600.net

"Computer games don't affect kids, I mean if Pacman affected us as kids,
we'd all be running around in darkened rooms, munching pills and listening
to repetitive music." ~unknown
==================================



Relevant Pages

  • Re: Mac Hostname on Network
    ... hostnames to the names of random Windows PCs on the network. ... it looks for a DHCP server, specifying its own name as the DHCP Client ... Along comes your Mac and asks the DHCP server for an IP address. ... name assigned by the network as its hostname. ...
    (comp.sys.mac.system)
  • Re: Network Security
    ... >>I've been tasked to protect out network from unwanted clients ... > configure the DHCP server to only give out addresses to specific MAC ... > that says no visiting computers. ... >>not 'known' to us then we can stop it getting an IP from the DHCP server? ...
    (linux.redhat)
  • Re: Mac Hostname on Network
    ... hostnames to the names of random Windows PCs on the network. ... it looks for a DHCP server, specifying its own name as the DHCP Client ... if your DNS was configured so that the LAN was called ... Along comes your Mac and asks the DHCP server for an IP address. ...
    (comp.sys.mac.system)
  • Re: More problems: iMac wont connect to Ethernet
    ... MAC address of the device. ... It is always worth doing this with network printers and network disks - it ... Setup page on the Netgear - just below the DHCP server option is ...
    (uk.comp.sys.mac)
  • DoS against DHCP
    ... DoS against ... before any competing machines (or DoS the competing machine directly until the ... DHCP server releases the IP address to you). ... stay connected to the network, so a compromised machine on the network might be ...
    (Vuln-Dev)