Comments on: Episode 702 – DHCP Exhaustion and DNS Man-in-the-Middle

By: John

John — Wed, 03 Mar 2010 06:05:10 +0000

Heaven forbid some people have differences in opinions

By: DroppinBy

DroppinBy — Tue, 02 Mar 2010 23:52:13 +0000

Whats with all the voting people down? Not cool :/

By: Sniper

Sniper — Fri, 26 Feb 2010 11:46:03 +0000

btw, check out the latest NASA “live” server vulnerabilities at pinoysecurity.blogspot.com just don’t deface them ok?

By: Slasher

Slasher — Fri, 26 Feb 2010 06:43:46 +0000

Or as soupman said, take all the ip’s for yourself. Also on my router (Netgear) you can restrict the range of ip’s it will hand out, so if i only have say 2 pc’s i need wireless with, i can change it from 192.168.0.1-192.168.0.254 to 192.168.0.1-192.168.0.3.

By: Ben

Ben — Thu, 25 Feb 2010 15:35:10 +0000

What, no mention of how to help prevent against this type of attack??

1. Shorten your DHCP lease times. DHCP clients issue a DHCPREQUEST to renew their lease prior to the end of the lease. I believe most clients wait until the lease is 1/2 over to issue the first DHCPREQUEST.

2. Watch your network for rogue DHCP servers. If someone else is issuing DHCPOFFER packets you can monitor this using your IDS/IPS and take action.

3. Segment your network and only allow DHCPREQUEST traffic to be relayed to your DHCP server.

By: soupman

soupman — Wed, 24 Feb 2010 14:15:35 +0000

DHCP Exhaustion, loving it. I see it also being us full on your own network of you want to make 100% sure that no rogue device shows up, nab all the IPs for yourself so nobody is able to connect!(cant help but think I’m stating the obvious here lol) Great episode as always, wish you could have come down south of UK Darren!
Peace