Bugtraq mailing list archives

Re: BOOTP/DHCP security


From: itudps () ntx city unisa edu au (itudps)
Date: Thu, 28 Nov 1996 06:08:30 +1030


Examples of bogus information might include:

o a new gateway that bounces everything to the real gateway but also keeps
a copy of certain information, this would often be undetected in a typical
large and busy commercial or educational network.

[of course, you can do this with a packet sniffer just as easily].

Not necessarily! The big point is that these requests are usually
broadcast and forwarded by the routers, so that you have a window of
[snip 8< ]

I thought the big point is that once this has been done, all packets are sent to
you for you to read, or more interestingly rewrite at whim. No need for
sniffing, which may cause difficulties if not on the same subnet anyway, and
wouldn't allow rewriting.

Someone might eventually notice the strange traffic pattern generated by a
fake gateway. But a DNS or WINS server would be very hard to spot and you
could use this to distribute requests to a lot of different (also hacked)
places on or outside the network, thus avoiding an obvious change in
network load.

This is a rather unnerving prospect.

--
 Dan Shearer                            email: Dan.Shearer () UniSA edu au
 Information Technology Unit            Phone: +61 8 302 3479
 University of South Australia          Fax  : +61 8 302 3385
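
An added example, not part of the original post: one way a defender could audit captured BOOTP/DHCP replies for the bogus gateway, DNS and WINS addresses the thread discusses, by comparing the address-carrying options against an allowlist. The function names, the allowlist and the 192.0.2.x sample addresses are assumptions constructed for illustration.

```python
import ipaddress

MAGIC = b"\x63\x82\x53\x63"   # DHCP magic cookie following the 236-byte BOOTP header
# RFC 2132 options that carry the addresses discussed in the thread
ADDR_OPTS = {3: "router", 6: "dns", 44: "wins", 54: "server-id"}

def parse_options(payload):
    """Return {option code: raw value} from a BOOTP/DHCP UDP payload."""
    if len(payload) < 240 or payload[236:240] != MAGIC:
        raise ValueError("not a DHCP payload")
    opts, i = {}, 240
    while i < len(payload) and payload[i] != 255:      # 255 = end option
        if payload[i] == 0:                            # 0 = pad, no length byte
            i += 1
            continue
        if i + 1 >= len(payload) or i + 2 + payload[i + 1] > len(payload):
            raise ValueError("truncated option")
        code, length = payload[i], payload[i + 1]
        # A repeated option code is concatenated onto the earlier value
        opts[code] = opts.get(code, b"") + payload[i + 2 : i + 2 + length]
        i += 2 + length
    return opts

def audit_reply(payload, allowed):
    """List (option name, address) pairs in a BOOTREPLY that are not allowlisted."""
    if not payload or payload[0] != 2:                 # op 2 = BOOTREPLY
        return []
    opts = parse_options(payload)
    findings = []
    for code, name in ADDR_OPTS.items():
        raw = opts.get(code, b"")
        for off in range(0, len(raw) - len(raw) % 4, 4):
            ip = str(ipaddress.IPv4Address(raw[off : off + 4]))
            if ip not in allowed.get(name, set()):
                findings.append((name, ip))
    return findings

def build_reply(options):
    """Constructed sample: minimal BOOTREPLY carrying the given {code: [ip, ...]} options."""
    body = b"".join(
        bytes([code, 4 * len(ips)]) + b"".join(ipaddress.IPv4Address(ip).packed for ip in ips)
        for code, ips in options.items())
    return bytes([2, 1, 6, 0]) + bytes(232) + MAGIC + body + b"\xff"

# Constructed allowlist and replies (192.0.2.0/24 is a documentation range)
ALLOWED = {"router": {"192.0.2.1"}, "dns": {"192.0.2.53"},
           "wins": {"192.0.2.44"}, "server-id": {"192.0.2.2"}}
GOOD = build_reply({54: ["192.0.2.2"], 3: ["192.0.2.1"], 6: ["192.0.2.53"], 44: ["192.0.2.44"]})
BOGUS = build_reply({54: ["192.0.2.2"], 3: ["192.0.2.1"], 6: ["192.0.2.53"], 44: ["192.0.2.67"]})
```

The `BOGUS` sample keeps the expected gateway, DNS and server identifier and changes only the WINS address, the case the post calls very hard to spot from traffic patterns; `audit_reply(BOGUS, ALLOWED)` reports it from the reply contents alone.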


