'Re: DHCP Programmer Resources'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       dhcp-client
Subject:    Re: DHCP Programmer Resources
From:       "A.J. Filiatreault" <ajfili () eden ! rutgers ! edu>
Date:       2003-06-10 20:31:06
[Download RAW message or body]

   *** From dhcp-client -- To unsubscribe, see the end of this message. ***

This is the normal way we have done things for a while, but we 
discovered a little "yeah, but.." attached to that method. A majority of 
firewalls/routers/etc simply bounce back the packet, looking like a 
valid dhcp server open port. This lead to many false positives. I've 
currently came up with the following solution. Not much of a DHCP 
request anymore but: I ping the dhcpserver port (67) if I get a response 
I ping 5 other arbitrary ports not used by most services. If I get 
responses from all of the pings, I know its a firewall/router and can 
move on. If I only get a few responses but not all, I know I'm dealing 
with most likely a dhcpserver or a machine with poorly configured ICS.
-A.J.


Chris Timmons wrote:

>   *** From dhcp-client -- To unsubscribe, see the end of this message. ***
>
>
>A.J.,
>
>You might be able to save some time on the portion of the project which
>performs the scanning by simply using www.insecure.org/nmap/ to find
>machines with something bound to the server UDP port.
>
>	nmap -sU -p U:67 <net-spec, eg. 192.168.1.0/24>
>
>For the hosts which have something listening there, you could then
>probably craft some sort of bogus DHCP (unicast) packet to fire at them
>and determine based on their response whether there is actually a DHCP
>server present.
>
>Regards,
>-Chris
>
>On Fri, 6 Jun 2003, A.J.Filiatreault wrote:
>
>  
>
>>I'm currently developing a small program for Rutgers University that
>>pretty much takes an IP range, and scans for DHCP servers (rogue ones
>>that is, not the ones that should be there).
>>    
>>
>
>-----------------------------------------------------------------------
>To unsubscribe from this list, visit http://www.isc.org/dhcp-lists.html
>or send mail to dhcp-client-request@isc.org with the subject line of
>'unsubscribe'.
>-----------------------------------------------------------------------
>
>
>
>  
>




-----------------------------------------------------------------------
To unsubscribe from this list, visit http://www.isc.org/dhcp-lists.html
or send mail to dhcp-client-request@isc.org with the subject line of
'unsubscribe'.
-----------------------------------------------------------------------

[prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Add a list | Sponsored by KoreLogic