[prev in list] [next in list] [prev in thread] [next in thread]
List: dhcp-client
Subject: Re: DHCP Programmer Resources
From: "A.J. Filiatreault" <ajfili () eden ! rutgers ! edu>
Date: 2003-06-10 20:31:06
[Download RAW message or body]
*** From dhcp-client -- To unsubscribe, see the end of this message. ***
This is the normal way we have done things for a while, but we
discovered a little "yeah, but.." attached to that method. A majority of
firewalls/routers/etc simply bounce back the packet, looking like a
valid dhcp server open port. This lead to many false positives. I've
currently came up with the following solution. Not much of a DHCP
request anymore but: I ping the dhcpserver port (67) if I get a response
I ping 5 other arbitrary ports not used by most services. If I get
responses from all of the pings, I know its a firewall/router and can
move on. If I only get a few responses but not all, I know I'm dealing
with most likely a dhcpserver or a machine with poorly configured ICS.
-A.J.
Chris Timmons wrote:
> *** From dhcp-client -- To unsubscribe, see the end of this message. ***
>
>
>A.J.,
>
>You might be able to save some time on the portion of the project which
>performs the scanning by simply using www.insecure.org/nmap/ to find
>machines with something bound to the server UDP port.
>
> nmap -sU -p U:67 <net-spec, eg. 192.168.1.0/24>
>
>For the hosts which have something listening there, you could then
>probably craft some sort of bogus DHCP (unicast) packet to fire at them
>and determine based on their response whether there is actually a DHCP
>server present.
>
>Regards,
>-Chris
>
>On Fri, 6 Jun 2003, A.J.Filiatreault wrote:
>
>
>
>>I'm currently developing a small program for Rutgers University that
>>pretty much takes an IP range, and scans for DHCP servers (rogue ones
>>that is, not the ones that should be there).
>>
>>
>
>-----------------------------------------------------------------------
>To unsubscribe from this list, visit http://www.isc.org/dhcp-lists.html
>or send mail to dhcp-client-request@isc.org with the subject line of
>'unsubscribe'.
>-----------------------------------------------------------------------
>
>
>
>
>
-----------------------------------------------------------------------
To unsubscribe from this list, visit http://www.isc.org/dhcp-lists.html
or send mail to dhcp-client-request@isc.org with the subject line of
'unsubscribe'.
-----------------------------------------------------------------------
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic