A DHCP server shouldn't issue more than one lease per MAC address. I'm not
sure if MS DHCP server would fall for this, but if it does I would definitely
say it is a problem with the server.  Since the process of obtaining a
lease from the server actually requires a conversation between client and
server, I think it would be difficult to launch this attack without the
ability to spoof many MAC addresses.  Also, since DHCP works via Layer 2
broadcast, the requests will not propagate through routers unless they are
configured as forwarding agents.

If you are concerned with unauthorized users getting leases from your DHCP
server, check out QIP, which is now sold by Lucent:
http://www.qip.lucent.com/Products/Ent5_0/
I'm sure there are other similar products, but I don't have any experience
with them.  Basically, QIP will allow you to associate users with MAC
addresses and only allow authorized users to get addresses from the DHCP
server.

Ben Setnick

-----Original Message-----
From: 13579 13579 [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, November 20, 2001 12:00 PM
To: [EMAIL PROTECTED]
Subject: dhcp vulnerabilities ?


I'm wondering what kind of DHCP vulnerabilities exist for NT platforms, or
perhaps even others.  I'm sure there are probably utilities that can be loaded
that will suck out all available IPs the DHCP server is willing to serve up,
as DHCP doesn't rely on logging in.  Is there a way to prevent this, or
utilities I should watch out for on my network to prevent this?
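
Added example, not part of the original messages: if the server holds to one lease per MAC, as the reply expects, the pool can only be drained by many distinct client MACs, so a burst of never-before-seen MACs is the thing to watch for. The log format, function names, window and threshold below are assumptions, and the sample lines are constructed.

```python
from collections import deque

# Constructed sample in a hypothetical format: "epoch_seconds message_type client_mac"
SAMPLE_LOG = """\
1000 DISCOVER 00:11:22:33:44:55
1004 DISCOVER 00:11:22:33:44:55
1030 DISCOVER 00:a0:c9:14:c8:29
1100 DISCOVER 02:00:00:00:00:01
1101 DISCOVER 02:00:00:00:00:02
1101 DISCOVER 02:00:00:00:00:03
1102 DISCOVER 02:00:00:00:00:04
1103 DISCOVER 02:00:00:00:00:05
1103 DISCOVER 02:00:00:00:00:06
1500 DISCOVER 00:11:22:33:44:55
"""


def parse(line):
    """Split one log line into (timestamp, message type, lower-cased MAC)."""
    ts, msg, mac = line.split()
    return int(ts), msg, mac.lower()


def find_mac_bursts(log_text, window=10, threshold=5):
    """Return (timestamp, count) each time the number of first-seen client
    MACs inside the last `window` seconds reaches `threshold`."""
    seen = set()      # every MAC observed so far (never expired in this sketch)
    recent = deque()  # (timestamp, mac) for first sightings only
    alerts = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, msg, mac = parse(line)
        if msg != "DISCOVER" or mac in seen:
            # Assumption from the reply: one lease per MAC, so a retry from
            # a known client does not take another address from the pool.
            continue
        seen.add(mac)
        recent.append((ts, mac))
        # Drop first sightings that have aged out of the window.
        while recent and recent[0][0] <= ts - window:
            recent.popleft()
        if len(recent) >= threshold:
            alerts.append((ts, len(recent)))
    return alerts


if __name__ == "__main__":
    for ts, count in find_mac_bursts(SAMPLE_LOG):
        print(f"t={ts}: {count} new client MACs within the window")
```

The window and threshold need tuning against normal behaviour on the segment, for example the start of a working day when many legitimate clients request leases at once.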
