Bugtraq mailing list archives
Re: BOOTP/DHCP security
From: itudps () ntx city unisa edu au (itudps)
Date: Thu, 28 Nov 1996 06:08:30 +1030
Examples of bogus information might include: o a new gateway that bounces everything to the real gateway but also keeps a copy of certain information, this would often be undetected in a typical large and busy commercial or educational network.[of course, you can do this with a packet sniffer just as easily].Not necessarily! The big point is that these requests are usually broadcast and forwarded by the routers, so that you have a window of[snip 8< ] I thought the big point is that once this has done, all packets are sent to you for you to read, or more interestingly rewrite at whim. No need for sniffing, which may cause difficulties if not on the same subnet anyway, and wouldn't allow rewriting.
Someone might eventually notice the strange traffic pattern generated by a fake gateway. But a dns or wins server would be very hard to spot and you could use this to distribute requests to a lot of different (also hacked) places on or outside the network, thus avoiding an obvious change in network load. This is a rather unnerving prospect. -- Dan Shearer email: Dan.Shearer () UniSA edu au Information Technology Unit Phone: +61 8 302 3479 University of South Australia Fax : +61 8 302 3385
Current thread:
- Re: BOOTP/DHCP security itudps (Nov 27)
- <Possible follow-ups>
- Re: BOOTP/DHCP security itudps (Nov 27)
- Re: BOOTP/DHCP security Benedikt Stockebrand (Nov 27)
- Re: BOOTP/DHCP security itudps (Nov 27)
- CIAC Bulletin H-08: lpr Buffer Overrun Vulnerability David Crawford (Nov 27)
- Re: BOOTP/DHCP security Valdis.Kletnieks () vt edu (Nov 28)
- Irix: more suid fun/exploits Yuri Volobuev (Nov 28)
- Re: BOOTP/DHCP security Alan Cox (Nov 28)