I've been thinking about something along these lines for some time...

Sane DHCP clients should try to ARP an address before accepting a lease from
their server. From what I have observed, it would be trivially easy for an
attacker to deny access to his entire segment by intercepting DHCPREQUEST or
DHCPOFFER messages, and then forging ARP replies for the IP offered.
Additionally, the attacker could easily discriminate target MAC addresses,
and kill only a certain user's service. In my experiences with Windows 95
OSR2's DHCP client, the system seems to be almost unusable during DHCP
refreshes. Also, it would be easy to forge DHCPNAC messages, though I have
not attempted such. This would be a common problem in any LAN-like
environment; it is not specific to cable.

Has anyone else experiemented with something such as this? Or is my
understanding of this terribly mangled? ;-)

apl

----- Original Message -----
From: "b_1995" <b_1995shaw.ca>
To: "Jon Zobrist" <kgbussr.com>; <vuln-devsecurityfocus.com>
Sent: Thursday, February 07, 2002 9:19 PM
Subject: Re: chaging your home IP address... could you take a bunch of
them....probably... could you get something from it...maybe

 *snip*

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]