I've been thinking about something along these lines for some time... Sane DHCP clients should try to ARP an address before accepting a lease from their server. From what I have observed, it would be trivially easy for an attacker to deny access to his entire segment by intercepting DHCPREQUEST or DHCPOFFER messages, and then forging ARP replies for the IP offered. Additionally, the attacker could easily discriminate target MAC addresses, and kill only a certain user's service.

In my experience with Windows 95 OSR2's DHCP client, the system seems to be almost unusable during DHCP refreshes. Also, it would be easy to forge DHCPNAK messages, though I have not attempted such.

This would be a common problem in any LAN-like environment; it is not specific to cable.

Has anyone else experimented with something such as this? Or is my understanding of this terribly mangled? ;-)

apl

----- Original Message -----
From: "b_1995" <b_1995at_private>
To: "Jon Zobrist" <kgbat_private>; <vuln-devat_private>
Sent: Thursday, February 07, 2002 9:19 PM
Subject: Re: chaging your @home IP address...

could you take a bunch of them....probably...
could you get something from it...maybe

*snip*
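Added example, not part of the original post: a detection sketch for the pattern described above, where one MAC answers ARP for addresses the DHCP server has only just offered to other clients. The event tuples, the 3-second window and the three-address threshold are assumptions chosen for illustration, and the sample events are constructed.

```python
from collections import defaultdict

# Constructed sample events (not captured traffic): (seconds, kind, fields).
# yiaddr/chaddr are the DHCP "your address"/client MAC fields; spa/sha are
# the ARP sender protocol/hardware addresses.
EVENTS = [
    (0.0, "dhcp_offer", {"yiaddr": "10.0.0.21", "chaddr": "02:00:00:00:00:a1"}),
    (0.4, "arp_reply", {"spa": "10.0.0.21", "sha": "02:00:00:00:00:ee"}),
    (5.0, "dhcp_offer", {"yiaddr": "10.0.0.22", "chaddr": "02:00:00:00:00:a2"}),
    (5.3, "arp_reply", {"spa": "10.0.0.22", "sha": "02:00:00:00:00:ee"}),
    (9.0, "dhcp_offer", {"yiaddr": "10.0.0.23", "chaddr": "02:00:00:00:00:a3"}),
    (9.2, "arp_reply", {"spa": "10.0.0.23", "sha": "02:00:00:00:00:ee"}),
    (12.0, "dhcp_offer", {"yiaddr": "10.0.0.30", "chaddr": "02:00:00:00:00:a4"}),
    (12.5, "arp_reply", {"spa": "10.0.0.30", "sha": "02:00:00:00:00:77"}),  # lone conflict
    (20.0, "dhcp_offer", {"yiaddr": "10.0.0.40", "chaddr": "02:00:00:00:00:a5"}),
    (20.6, "arp_reply", {"spa": "10.0.0.40", "sha": "02:00:00:00:00:a5"}),  # client itself
    (90.0, "arp_reply", {"spa": "10.0.0.40", "sha": "02:00:00:00:00:ee"}),  # outside window
]

def find_lease_conflicts(events, window=3.0):
    """Map each MAC to the set of freshly offered IPs it claimed via ARP."""
    offered = {}               # yiaddr -> (offer time, client MAC)
    claims = defaultdict(set)  # responder MAC -> conflicting IPs
    for ts, kind, f in sorted(events, key=lambda e: e[0]):
        if kind == "dhcp_offer":
            offered[f["yiaddr"]] = (ts, f["chaddr"])
        elif kind == "arp_reply" and f["spa"] in offered:
            offer_ts, client = offered[f["spa"]]
            # A reply from another MAC right after the offer is a conflict.
            if ts - offer_ts <= window and f["sha"] != client:
                claims[f["sha"]].add(f["spa"])
    return claims

def suspected_forgers(events, window=3.0, min_ips=3):
    """MACs that claimed at least min_ips distinct just-offered addresses."""
    claims = find_lease_conflicts(events, window)
    return {mac: sorted(ips) for mac, ips in claims.items() if len(ips) >= min_ips}

if __name__ == "__main__":
    for mac, ips in suspected_forgers(EVENTS).items():
        print(f"{mac} answered for {len(ips)} freshly offered addresses: {ips}")
```

A single conflict (the `:77` host here) is more likely a genuine duplicate address, such as a statically configured machine, which is why the threshold counts distinct addresses per responder.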
This archive was generated by hypermail 2b30 : Sat Feb 09 2002 - 15:49:04 PST