DHCP Security Leak

Simon Hobson dhcp1 at thehobsons.co.uk
Tue May 1 22:48:48 UTC 2007 

guru.bidari at sirvisetti.com wrote:

>In our infrastructure we are using DHCP, with system-defined lease-period
>(24 hours), the IP-address of the pc is refreshed.
>
>We are using one product called as auto print the way it works, we think
>we have a security leak.
>
>After a user scheduled a job and he logged out before the job is finished
>and ftp-ed, it is possible that another user gets that IP-address before
>the output is processed.
>
>This is more of an issue when concurrent request is re-scheduled to run at
>an interval.
>
>So we think that it is a leak that another user on a different pc can get
>the output of that request, because that pc has leased the IP-address now.

I don't think you have a problem.

Firstly, most PCs do not release their leases when you shut them 
down, hence it still has the address allocated to it for typically a 
minimum of another 12 hours. This in itself is sufficient to ensure 
that the address isn't given to another client for a while.

Even after the lease has expired, the DHCP server will not 
immediately reallocate the address - unless you REALLY are very short 
of addresses in which case you will have other problems. As long as 
other addresses are available, then they will be offered (it's a 
least recently used algorithm).

Lastly, how does this feedback work ? Typically I would expect to see 
the client open a TCP connection, send the data and receive any 
feedback, close the connection. Once the connection is closed then no 
more data will be returned by the print unit. Should another client 
take over the IP address, then any open connections will fail because 
port numbers and sequence numbers will not match. Of course, for a 
client to leave without closing the connection means that it has been 
improperly shut down (network cable unplugged, power turned off 
without OS shutdown) which means that it will NOT have released it's 
lease.

So, I don't think you have a problem to solve. If I have 
misunderstood your process, then please explain further.

More information about the dhcp-users mailing list