DHCP Security Leak
Stephen John Smoogen
smooge at gmail.com
Tue May 1 20:51:00 UTC 2007
On 5/1/07, guru.bidari at sirvisetti.com <guru.bidari at sirvisetti.com> wrote:
> In our infrastructure we are using DHCP, with system-defined lease-period
> (24 hours), the IP-address of the pc is refreshed.
> We are using one product called as auto print the way it works, we think
> we have a security leak.
> After a user scheduled a job and he logged out before the job is finished
> and ftp-ed, it is possible that another user gets that IP-address before
> the output is processed.
> This is more of an issue when concurrent request is re-scheduled to run at
> an interval.
> So we think that it is a leak that another user on a different pc can get
> the output of that request, because that pc has leased the IP-address now.
> Please provide us the solution to overcome this security leak.
As far as I can tell.. that is DHCP working as designed. If you are
allowing dhcp users to print sensitive/controlled material that you do
not want others to get, you are going to need to use additional
security methods beyond the IP address to control output. Those could
be use of the fixed address with mac-address on the DHCP server, and
having a switch network architecture that locks port to mac-address so
that other systems can not 'duplicate' the mac address.
Stephen J Smoogen. -- CSIRT/Linux System Administrator
How far that little candle throws his beams! So shines a good deed
in a naughty world. = Shakespeare. "The Merchant of Venice"
More information about the dhcp-users