Penetration Testing mailing list archives
Re: DHCP Query
From: James Eaton-Lee <j.eatonlee () gmail com>
Date: Fri, 09 Dec 2005 14:03:58 +0000
On Wed, 2005-12-07 at 11:36 +0000, James Eaton-Lee wrote:
I did a presentation on this for a talk I recently gave in Dundee. Some of the headings are a bit off because I was cramming material from what was originally an essay into a presentation lasting about 45 minutes, but most of the technical information is fairly accurate, so you're welcome to it if you want it. Available under Creative Commons Attribution/Sharealike 2.5 at http://www.jeremiad.org/download.shtml
As an afterthought to this, and having looked through the webserver logs (as any security-conscious admin having posted a URL to a securityfocus list should!)... I award five security points to the visitor who used wget to fetch download.shtml for inspection *before* opening it with a browser (links) on his "-hardened-" linux system. On the other hand, -5 security points from the people who generated the 9 hits (3 unique IPs) from hosts with useragent strings indicating they're running on windows 98. (One of you is even using IE!) In case anyone's actually interested in the paper, I'll try to remember to quietly mention it when it's released! - James. -- James (njan) Eaton-Lee | 10807960 Semper Monemus Sed Non Audiunt, Ergo Lartus - (Jean-Croix) sites: http://www.bsrf.org.uk - http://www.security-forums.com ca: https://www.cacert.org/index.php?id=3
Attachment:
smime.p7s
Description:
Current thread:
- DHCP Query Inspiration (Dec 06)
- Re: DHCP Query James Eaton-Lee (Dec 07)
- Re: DHCP Query James Eaton-Lee (Dec 09)
- <Possible follow-ups>
- RE: DHCP Query Cony.Zhou (Dec 06)
- Re: DHCP Query James Eaton-Lee (Dec 07)