Force DHCP server to assign new IP to client
dougb at dougbarton.us
Wed Oct 15 18:14:33 UTC 2014
On 10/15/14 1:43 AM, Simon Hobson wrote:
> Jeffrey Zheng <jeffreyzheng at live.com> wrote:
>> Basically the research is trying to find a way to randomly change clients' IP addresses so that any IP-based attack or reconnaissance might be thwarted, that is why I am looking into the DHCP server to see if I can use it to achieve the goal.
> There are two different goals there, although there is some overlap.
> 1) Attack
> Not to put too fine a point on it, you're wasting your time. Unless you have a vast quantity of IP addresses then moving doesn't really help - it's a bit like (to use Gregory's analogy) moving to another house in the same street, someone wanting to steal your car will easily be able to see it's on the drive two houses down from where it was yesterday!
> Also, at work I have the luxury of managing a /24 of public IP space - from the logs it's clear that people don't attack a single IP - when I get an email from fail2ban on one (say) email server, I'll typically see the same alert for the same attacking address from all the others at the same time.
> 2) Reconnaissance
> I very much doubt that changing IP address will do much to help. Various online outfits (Google being the most well known, but not the most aggressive) are very adept at tracking people across dynamic IPs from their ISPs and across different IPs from moving around between networks. As IPv6 starts to pick up momentum, I'm sure they've been "honing their skills" given that everyone using IPv6 is going to be on a network with a minimum of 2^64 addresses on it - and if using privacy addressing, devices will be switching around between a large number of those addresses.
> TL;DR version
> I think it's a lot of effort for minimal gains. From the security and privacy POV, there are other avenues to explore which would give better returns.
To add another perspective on this, unless you have a huge pool of
addresses that you can rotate among a small number of clients you're
just as likely to be moving a user from an address that isn't being
targeted to one that is as you are to be moving a user from an address
that isn't being targeted to one that isn't.
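
An added example, not part of the original thread: one way to check the pattern Simon describes (the same attacking address banned on every server in the range) against your own fail2ban logs, by measuring how much of the monitored address range each banned source touched. The server addresses, log lines, the 0.75 threshold and the function names are constructed for illustration.

```python
import ipaddress
import re
from collections import defaultdict

# Ban lines as written to fail2ban.log; the optional "[pid]" covers newer releases.
BAN_RE = re.compile(
    r"fail2ban\.actions(?:\s+\[\d+\])?:\s+\w+\s+\[(?P<jail>[^\]]+)\]\s+Ban\s+(?P<src>\S+)"
)

# Constructed sample: (server that logged the line, log line). All addresses
# come from the RFC 5737 documentation ranges.
SERVERS = ["192.0.2.10", "192.0.2.11", "192.0.2.12", "192.0.2.13"]
SAMPLE = [
    ("192.0.2.10", "2014-10-15 03:12:01,114 fail2ban.actions: WARNING [postfix] Ban 198.51.100.7"),
    ("192.0.2.11", "2014-10-15 03:12:02,530 fail2ban.actions: WARNING [postfix] Ban 198.51.100.7"),
    ("192.0.2.12", "2014-10-15 03:12:04,007 fail2ban.actions: WARNING [postfix] Ban 198.51.100.7"),
    ("192.0.2.13", "2014-10-15 03:12:05,871 fail2ban.actions: WARNING [postfix] Ban 198.51.100.7"),
    ("192.0.2.11", "2014-10-15 09:40:17,202 fail2ban.actions: WARNING [ssh] Ban 203.0.113.50"),
    ("192.0.2.12", "2014-10-15 09:41:00,000 fail2ban.actions: WARNING [ssh] Unban 203.0.113.50"),
]

def targets_by_source(records):
    """Map each banned source address to the set of servers that banned it."""
    hit = defaultdict(set)
    for server, line in records:
        m = BAN_RE.search(line)
        if not m:
            continue  # Unban, Found and other non-ban lines
        try:
            src = ipaddress.ip_address(m.group("src"))
        except ValueError:
            continue  # malformed address field
        hit[str(src)].add(server)
    return dict(hit)

def sweep_report(records, servers, threshold=0.75):
    """Return {source: (coverage, is_sweep)} over the monitored servers."""
    monitored = set(servers)
    report = {}
    for src, hit in targets_by_source(records).items():
        coverage = len(hit & monitored) / len(monitored)
        report[src] = (coverage, coverage >= threshold)
    return report

if __name__ == "__main__":
    for src, (cov, sweep) in sorted(sweep_report(SAMPLE, SERVERS).items()):
        label = "range-wide sweep" if sweep else "isolated"
        print(f"{src}: banned on {cov:.0%} of servers ({label})")
```

A source with coverage near 1.0 is working through the whole range, so a client rotated to another address inside that range is still within what the source reaches.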