Re: DoS against DHCP

From: Craig Van Tassle (craig@ambrosa.dns04.com)
Date: 01/31/02 

Date: Wed, 30 Jan 2002 17:49:55 -0600
From: Craig Van Tassle <craig@ambrosa.dns04.com>
To: RSnake <rsnake@shocking.com>

Well acutally i think that if you try to use the same MAC address for all the dhcp requests that could prove to be a problem.. Basicly if you want to you can jsut write a program to send out false MAC/ARP replies.. and with various ways of MAC spoofing you could tell the DHCP server that you have all the addresses and that could be used to make the subnet unusable until the DHCP leases are released.

just my $0.02

Criag

On Wed, Jan 30, 2002 at 02:20:29PM -0800, RSnake wrote:
>
> I came up with this about a year back at DefCon, and told some friends
> in hopes that either they or I would do something with it, but none of us had
> time so here goes, and please feel free to write this yourself. DoS against
> DHCP:
>
> A DHCP server has only a certain amount of addresses availible. If
> you (a single malicious machine connected to the network) actively take up all
> availible IP address, and compete against the machines that are currently
> connected you should be able to completely take all availible IP addresses and
> block access to the DHCP server. You could do this by opening many interfaces
> on a linux box and asking for many DHCP addresses and lying that you connected
> before any competing machines (or DoS the competing machine directly until the
> DHCP server releases the IP address to you).
>
> This combined with war-driving could take down any DHCP IP address
> block within wireless range. Kinda nasty, but only effective as long as you
> stay connected to the network, so a compromised machine on the network might be
> necessary for extended DoS. Probably the way around this would be a) some sort
> of authentication to log into the DHCP server and or b) using leap or something
> similar. MAC addresses are spoofable, so it probably wouldn't be a good idea
> to limit the number of times a particular MAC address connects to the network,
> as that would just be a sloppy obfuscation. DHCP has always seemed like a bad
> idea to me. Sorry if this seems obvious.
>
>

Relevant Pages

  • DoS against DHCP
    ... DoS against ... before any competing machines (or DoS the competing machine directly until the ... DHCP server releases the IP address to you). ... stay connected to the network, so a compromised machine on the network might be ...
    (Vuln-Dev)
  • Re: WAP54Gs with WPA not handing out IPs from SBS2003 server
    ... Do you have enough IP addresses in the DHCP pool on the DHCP server? ... There's not even 50 machines total on the network. ... I'll assume you're running Windoze XP Home using Wireless Zero Config ... With the PCMCIA card, it's the WZC software. ...
    (alt.internet.wireless)
  • Re: WAP54Gs with WPA not handing out IPs from SBS2003 server
    ... Do you have enough IP addresses in the DHCP pool on the DHCP server? ... There's not even 50 machines total on the network. ... I'll assume you're running Windoze XP Home using Wireless Zero Config ... With the PCMCIA card, it's the WZC software. ...
    (alt.internet.wireless)
  • Re: Whats the benefit of using superscopes?
    ... A superscope is a collection of individual scopes that can be ... A superscope is actually a collection of individual scopes. ... Place DHCP clients from multiple network IDs on the same ... The superscope will allow the DHCP Server to answer requests from ...
    (microsoft.public.windows.server.networking)
  • <LONG>Re: Question rephrase
    ... >currently only one master NS server, ... become a master NS for that network. ... a computer is brought back into our facility, the first thing security ... so your DHCP server configures itself? ...
    (comp.os.linux.networking)