SV: DISCOVER bursts
Simon Hobson
dhcp1 at thehobsons.co.uk
Mon Jan 8 21:37:21 UTC 2007
Lars Jacobsen wrote:
>So does this mean that if a malicious user/faulty client keeps
>requesting IP address it would drain the pool - for a 2 minute
>period -, even though the protection against this has been made ?
>And it's not possible to see these "temporary" leases anywhere or ?

Fundamentally this has always been a potential risk with DHCP, if
someone either through bad programming, or more likely malicious
intent, writes a client that keeps making requests under different
client-id and/or mac address combinations then it will exhaust a dhcp
server's pool. On an ethernet network there is little scope for
protecting against this since the server has to take it on trust that
the mac address and/or client id are genuine.

In the case of cable modems, or high end ethernet switches, you can
apply some protection through the lease limit attribute to a spawning
class - however it does look like you have found a way to cheat this.

However, I think the dangers are limited. Firstly someone has to be
connected to your network, so it's not a general remote attack
vector. Also, through the circuit-id I believe you will know which
subscriber circuit the requests come through so you know who to send
the compensation bill to and/or who to ring up and give a bollocking
to and/or whose service to switch off! Lastly, to be of any real
effect the attack would have to be continuous so as to soak up any
expiring leases - and even then it would only affect devices seeking
to get a new lease rather than renew an existing one - ie it cannot
cause other customers to get disconnected.

Other than that it does carry another risk which is also present in
the general case - that if a determined enough client makes enough
requests then you could potentially cause a denial of service attack
by filling up the server's disk.
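
Added example, not part of the original post or of ISC dhcpd: a log check that flags a relay presenting many distinct MAC addresses in DISCOVERs inside the 2 minute window mentioned in the question. It assumes dhcpd's usual syslog line shape and groups by the relay address after "via" as a stand-in for the circuit-id (assumed not to be in the log line); the function name, threshold and sample lines are constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed line shape: "<Mon> <d> <hh:mm:ss> <host> dhcpd: DHCPDISCOVER from <mac> [(name)] via <relay>"
LINE_RE = re.compile(
    r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ dhcpd(?:\[\d+\])?: "
    r"DHCPDISCOVER from ([0-9a-fA-F:]{17})(?: \(.*?\))? via ([^\s:]+)"
)

def flag_discover_bursts(lines, window=timedelta(seconds=120), max_macs=5, year=2007):
    """Return {relay: peak distinct-MAC count} for relays exceeding max_macs in window.

    Syslog timestamps carry no year, so one is supplied (assumption)."""
    recent = defaultdict(deque)  # relay -> (timestamp, mac) pairs still inside the window
    peaks = {}
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # not a DISCOVER line
        stamp, mac, relay = m.group(1), m.group(2).lower(), m.group(3)
        when = datetime.strptime(f"{year} {stamp}", "%Y %b %d %H:%M:%S")
        q = recent[relay]
        q.append((when, mac))
        while when - q[0][0] > window:  # expire entries older than the window
            q.popleft()
        distinct = len({seen for _, seen in q})
        if distinct > max_macs:
            peaks[relay] = max(peaks.get(relay, 0), distinct)
    return peaks

# Constructed sample: one relay shows 20 different MACs in 20 seconds,
# another shows a single client retrying once a minute.
SAMPLE_LOG = [
    f"Jan  8 21:30:{i:02d} dhcp1 dhcpd: DHCPDISCOVER from 02:00:00:00:00:{i:02x} via 10.1.0.1"
    for i in range(20)
] + [
    f"Jan  8 21:3{i}:05 dhcp1 dhcpd: DHCPDISCOVER from 00:16:3e:aa:bb:cc via 10.2.0.1"
    for i in range(5)
]

if __name__ == "__main__":
    for relay, count in flag_discover_bursts(SAMPLE_LOG).items():
        print(f"{relay}: {count} distinct MACs within 120 s")
```

A single client that retries under one MAC is not flagged, since it only ever holds one offer; the count that matters for pool exhaustion is distinct identities per relay.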