I came up with this about a year back at DefCon, and told some friends in hopes that either they or I would do something with it, but none of us had time so here goes, and please feel free to write this yourself. DoS against DHCP: A DHCP server has only a certain amount of addresses availible. If you (a single malicious machine connected to the network) actively take up all availible IP address, and compete against the machines that are currently connected you should be able to completely take all availible IP addresses and block access to the DHCP server. You could do this by opening many interfaces on a linux box and asking for many DHCP addresses and lying that you connected before any competing machines (or DoS the competing machine directly until the DHCP server releases the IP address to you). This combined with war-driving could take down any DHCP IP address block within wireless range. Kinda nasty, but only effective as long as you stay connected to the network, so a compromised machine on the network might be necessary for extended DoS. Probably the way around this would be a) some sort of authentication to log into the DHCP server and or b) using leap or something similar. MAC addresses are spoofable, so it probably wouldn't be a good idea to limit the number of times a particular MAC address connects to the network, as that would just be a sloppy obfuscation. DHCP has always seemed like a bad idea to me. Sorry if this seems obvious.
This archive was generated by hypermail 2b30 : Wed Jan 30 2002 - 14:41:27 PST