DHCP Security Leak

guru.bidari at sirvisetti.com guru.bidari at sirvisetti.com
Wed May 2 12:50:58 UTC 2007


We are using DHCP, with system-defined lease-period (24 hours), the
IP-address of the pc is refreshed.

We are using one product called as AutoPrint(remote printing solution
which uses oracle apps, we ftp the generated report from oracle apps to a
ftp server running on windows) the way it works, we think we have a
security leak.

After a user scheduled a job and he logged out before the job is finished
and ftp-ed, it is possible that another user gets that IP-address before
the output is processed.

This is more of an issue when concurrent request is re-scheduled to run at
an interval.

So we think that it is a leak that another user on a different pc can get
the output of that request, because that pc has leased the IP-address now.

Please provide us the solution to overcome this security leak.

Guru Bidari

More information about the dhcp-users mailing list