Full Disclosure mailing list archives

Re: [SPAM] Stealing DHCP Leases

From: "VeNoMouS" <venom () gen-x co nz>
Date: Wed, 13 Oct 2004 19:18:40 +1300

if the dhcpd is by isc and the dhcpd is running on *nix just cat/var/state/dhcp/dhcpd.leases.

----- Original Message -----From: "Hugo van der Kooij" <hvdkooij () vanderkooij org>

To: <full-disclosure () lists netsys com>
Sent: Wednesday, October 13, 2004 6:52 PM
Subject: Re: [SPAM] [Full-disclosure] Stealing DHCP Leases

On Tue, 12 Oct 2004, Ian Holm wrote:

I was noticing that the number of DHCP address in the DHCP cache wasrunninglow so I decided to check which computers were assigned to each address.To
my horror I saw that there were 81 addresses assigned at exactly the same
time and all expired at exactly the same time. I'm assuming that thesewereall assigned to the same machine. How is this possible? Where could Ilearn
about this and how to prevent it?


Any decent log will show you the MAC level address. So go out and
investigate the machine.

There are plenty of known and documented ways of depleting a DHCP pool in
microseconds. A simple google search will do the trick.

Hugo.

--
I hate duplicates. Just reply to the relevant mailinglist.
hvdkooij () vanderkooij org http://hvdkooij.xs4all.nl/
Don't meddle in the affairs of magicians,
for they are subtle and quick to anger.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

Current thread:

Stealing DHCP Leases Ian Holm (Oct 12)
- Re: Stealing DHCP Leases TheGesus (Oct 12)
- Re: Stealing DHCP Leases Garth Stone (Oct 12)
- Re: [SPAM] Stealing DHCP Leases Hugo van der Kooij (Oct 12)
  - Re: [SPAM] Stealing DHCP Leases VeNoMouS (Oct 13)
- Re: Stealing DHCP Leases Stef (Oct 13)