Re: DoS against DHCP

From: Russell Handorf (rhandorfat_private-world.com)
Date: Wed Jan 30 2002 - 15:34:35 PST

Next message: Craig Van Tassle: "Re: DoS against DHCP"

Previous message: John Stauffacher: "RE: DoS against DHCP"
In reply to: RSnake: "DoS against DHCP"
Next in thread: Craig Van Tassle: "Re: DoS against DHCP"
Next in thread: Ed Moyle: "RE: switch jamming"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

#!/bin/sh
counter=0
if [ $# -eq 0 ]
then
         echo "You're missing the arguement of how many times for me to 
repeat."
         exit 1
fi
while [ $counter -le $1 ]
do
         ifconfig eth0 down
         ./changemac -r
         pump
         ifconfig eth0
         coutner=`expr $counter + 1`
done
echo "done"

Contingent on you having changemac or some other way to randomize a new mac 
addy.

russ

At 02:20 PM 1/30/2002 -0800, you wrote:

>         I came up with this about a year back at DefCon, and told some 
> friends
>in hopes that either they or I would do something with it, but none of us had
>time so here goes, and please feel free to write this yourself.  DoS against
>DHCP:
>
>         A DHCP server has only a certain amount of addresses availible.  If
>you (a single malicious machine connected to the network) actively take up all
>availible IP address, and compete against the machines that are currently
>connected you should be able to completely take all availible IP addresses and
>block access to the DHCP server.  You could do this by opening many interfaces
>on a linux box and asking for many DHCP addresses and lying that you connected
>before any competing machines (or DoS the competing machine directly until the
>DHCP server releases the IP address to you).
>
>         This combined with war-driving could take down any DHCP IP address
>block within wireless range.  Kinda nasty, but only effective as long as you
>stay connected to the network, so a compromised machine on the network 
>might be
>necessary for extended DoS.  Probably the way around this would be a) some 
>sort
>of authentication to log into the DHCP server and or b) using leap or 
>something
>similar.  MAC addresses are spoofable, so it probably wouldn't be a good idea
>to limit the number of times a particular MAC address connects to the network,
>as that would just be a sloppy obfuscation.  DHCP has always seemed like a bad
>idea to me.  Sorry if this seems obvious.

==================================
Russell Handorf
oooo, shiney ::Wanders after it::

www.russells-world.com
www.philly2600.net

"Computer games don't affect kids, I mean if Pacman affected us as kids, 
we'd all be running around in darkened rooms, munching pills and listening 
to repetitive music." ~unknown
==================================

Next message: Craig Van Tassle: "Re: DoS against DHCP"
Previous message: John Stauffacher: "RE: DoS against DHCP"
In reply to: RSnake: "DoS against DHCP"
Next in thread: Craig Van Tassle: "Re: DoS against DHCP"
Next in thread: Ed Moyle: "RE: switch jamming"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Wed Jan 30 2002 - 15:56:01 PST