|
Softpanorama
(slightly skeptical)
Open Source Software Educational Society |
May the
source be with you,
but remember the KISS principle ;-)
|
DHCP Security
DHCP is built directly on UDP and IP which are as inherently insecure. Furthermore,
DHCP is generally intended to make maintenance of remote and/or diskless hosts easier.
While perhaps not impossible, configuring such hosts with passwords or keys may
be difficult and inconvenient. Therefore, DHCP in its current form is quite insecure.
Unauthorized DHCP servers may be easily set up. Such servers can then send false
and potentially disruptive information to clients such as incorrect or duplicate
IP addresses, incorrect routing information (including spoof routers, etc.), incorrect
domain nameserver addresses (such as spoof nameservers), and so on. Clearly, once
this seed information is in place, an attacker can further compromise affected systems.
Malicious DHCP clients could masquerade as legitimate clients and retrieve information
intended for those legitimate clients. Where dynamic allocation of resources is
used, a malicious client could claim all resources for itself, thereby denying resources
to legitimate clients.
The discussion below is based on an excellent paper
Network
Penetration.com/Flaws within the Dynamic Host Configuration Protocol by Ste
Jones
DHCP is used to automatically configure machines with an IP address so that the
hosts do not have to be statically assigned IP addresses. For a clients NIC
to be assigned an IP address the DHCP packet exchange is as follows
- The client sends a DHCP discover packet, indicating that a clients interface
requires a IP address from a DHCP server. The clients interface may ask for
its previous IP address from the server, this may cause problems with the man
in the middle attack (explained later).
- The server sends a DHCP offer packet, informing the client of what IP address
is on offer. The IP address being offered may or may not be the one requested
(if the interface asked for a specific IP address with the discover packet)
depending on how busy the network is. If the network is busy then the IP address
requested with the discover packet may have already been re-assigned to a different
interface, thus a different IP address will be offered.
- The client sends a DHCP request, informing the DHCP server that the clients
NIC wishes to be assigned the IP address sent by the servers offer.
- The server sends a DHCP ack, acknowledging that the NIC has sent a request
for a specific IP address. At this point the clients interface assigns / binds
the IP address from the DHCP servers offer packet in step two.
Once this sequence of packets occurs a client has been assigned an IP address
and probably a default gateway and DNS server. Numerous options can be set by the
DHCP server, for a full list consult the RFC documentation.
If attackers are able to compromise a DHCP server on the network, they might
disrupt network services, preventing DHCP clients from connecting to network resources.
By gaining control of a DHCP server, attackers can configure DHCP clients with fraudulent
TCP/IP configuration information, including an invalid
default gateway or DNS server
configuration. There are several avenues of attack of this protocol some trivial
and some less so:
- Denial of service attack By spoofing the clients packet exchange
a DHCP server will happily give all the available leases to spoofed MAC address
thus causing a denial of service. Any machine wishing to join the network after
the attack would not be allocated an IP address as the whole of the DHCP range
will have been either allocated to valid interfaces (ie. interfaces already
joined to the network before the attack took place) or spoofed MAC addresses
(from the attack). Any interface already joined to the network would not notice
the effect of the attack as they have already been assigned an IP address, but
interfaces without a IP address would not be able to join the network as the
DHCP server will have no available IP addresses.
Some DHCP servers issue ARP
requests or ICMP pings to detect for IP addresses that may be reclaimed by the
server. This is done as operating systems / interfaces do not release there
assigned IP address when shutdown. Basic testing of the denial of service code
successfully defeat the ARP method of reclaiming IP addresses (ICMP method was
not tested) as the number and speed of requests for IP addresses was significantly
higher than the number of ARP requests issued by the DHCP server (when running
multiple copies of the source code in a script). The source code could be extended
to sniff for ARP requests / ICMP ping requests and reply accordingly thus defeating
the servers method of reclaiming addresses.
A Windows 2000 machine running DHCP with active directory, sends a packet
at boot up to check that it is the only DHCP server on the network, if it is
the only DHCP server then it is authorized and allowed to act as a DHCP server.
Further investigation is required to see if this can be reversed to deny a win2k
DHCP server from starting.
- Rogue DHCP server By setting up a rogue DHCP server, a hacker could
create a veritable playground for himself. The DHCP protocol can aid a hacker
to redirect traffic through their machine (man in the middle attack) or send
users to false web pages (via a rogue DNS server). This could occur as a DHCP
server can set various options such as what IP address to use for the default
gateway and also what DNS servers to use.
- Man in the middle attack By starting a rogue DHCP server, the real
DHCP server and the rogue server will fight to assign a interface an IP address.
If a rogue server wins then the interface could be assigned a different default
gateway. By assigning a different default gateway (i.e. a hackers machine) all
outgoing packets would be sent via the hackers machine thus sniffable. The machine
acting as the default gateway would need to rewrite the MAC layer to enable
the packets to be forwarded to the correct destination (ie the correct default
gateway).
The source code grabs an IP address from the DHCP server using the
same method as the denial of service but instead of stealing all the IP addresses
only one IP address is stolen. A rogue DHCP server is then started and listens
for a client to send a discovery packet to the broadcast address. The rogue
server and the valid server then both send a offer packet (the rogue server
issues the IP address stolen at the start of the attack, this is to ensure that
no IP address conflicts occur) and depending on which reaches the client first,
determines which server the client uses. If the client uses the valid DHCP server
then the man in the middle attack will fail.... If the client uses the rogue
DHCP server the man in the middle attack will succeed.
Some problems with the man in the middle attack
- One problem with the DHCP man in the middle attack is that it may not
work on a small network. The attack may not work if the NIC's request for
its old IP address is fulfilled. If the normal DHCP server can fulfil the
request for the specified IP address, the NIC will be assigned the previous
IP address and not the one from the rogue server. The only way a rogue server
can assign IP addresses is if the requested IP address is not available
on the normal DHCP server (i.e. The address has been re-allocated to another
interface). The rogue server would not be able to fulfill the NIC's initial
request as the rogue servers address range is based on stolen addresses
from the normal DHCP server, and is unlikely to contain the IP address requested.
If a rogue server issues a requested IP address to any NIC that wanted it,
problems would occur on the network as multiple machines may have the same
IP address.
- Another problem with the attack is that it would only be a one way attack
as the default gateway assigned by the rogue DHCP server is not the real
default gateway. The fake gateway would need to sniff the packets and rewrite
the MAC layer to enable the packets to be sent to the correct default gateway.
The problem would occur with packets being sent from the correct default
gateway back to the attacked machine as the packets would not pass through
the rogue gateway, thus can not be sniffed. This basically means that all
outgoing traffic can be sniffed and all incoming traffic can't.
- A full man in the middle attack can be established using programs such
as Dsniff and Ettercap which both utilize ARP poisoning to establish the
man in the middle attack.
- Exploiting DHCP to trick users into using a fake DNS server As mentioned
above a DHCP server can tell a interface which DNS server to use, so by specifying
a hackers machine running a fake DNS server could make getting usernames, passwords,
credit card numbers relatively easily. The fake DNS server would point for example
www.hotmail.com to the hackers IP address.... so as long as the hacker has a
convincing copy of hotmail's front page the username and password could be easily
stolen.
- Stealing a machines identity Many servers that use DHCP get re-assigned
the same IP address every time they request an IP address. A list of MAC addresses
(maintained by the administrator) is used to re-assign the same IP address to
a specific MAC address. By spoofing the MAC address of a specific machine and
requesting the corresponding IP address a machines identity can be stolen. For
this to occur the target machine needs to DoSed, and the packet exchange (to
steal the identity) to take place before the machine is rebooted. If successful
the target machines IP address will be given to the hacker and with a bit of
ARP trickery (reply to ARP requests) that state should be maintained.
Man
in the middle attack a machine on a small network (noisy method)
1) Denial of service a machine on the network, try using jolt2.
2) Before the machine reboots, steal the IP address it was allocated so that
it has to request a new address
3) Start a rogue DHCP server, and hope that it wins the fight to assign a clients
IP address.
- Rogue Detect is a Perl script which sends DHCPDISCOVER packets to
the network and listens for DHCP servers to respond. It can run continuously
as a daemon, or do a single probe and quit. It's written in Perl and can be
easily extended to take any action you can think of in response to an unknown
DHCP server (send pages, disable them, etc).
- Dhcploc.exe Dhcploc.exe is a command-line tool that is
part of the Windows Support Tools found in the \Support\Tools folder on your
Windows XP product CD and it can be used to display all DHCP servers that are
active on the local subnet. Dhcploc.exe has been around since Windows NT 4.0
and it works by sending out DHCPREQUEST messages and displaying the IP addresses
of the DHCP servers that responded with DHCPACK. You can find the syntax of
this tool in the Help file that is installed when you install the Support Tools
on your machine.
- dhcp_probe The Network Systems Group at Princeton University's
Office of Information Technology has developed a tool called dhcp_probe that
tries to discover DHCP and BOOTP servers on a directly-attached Ethernet network.
The existing build runs on Solaris 8 on SPARC with gcc and there is patch for
it to work on Linux also, so if you have either of those platforms you can try
using this tool to detect any rogue DHCP servers that might be running on your
network. You can find the Network Systems Group's tools page
here and
can download dhcp_probe directly from
here.
Notes:
- Those pages are written by people for whom English is not a
native language. Some amount of grammar and spelling errors
should be expected.
- This is a Spartan WHYFF (We Help You For Free) site. It
cannot replace the best teachers and
the
best books.
- The site contain some obsolete pages as it develops like a
living tree... Some links on older pages
are broken. Please
try to use Google, Open directory, etc. to find a replacement link
(see
HOWTO search the WEB for details).
We would appreciate if you can
mail us a correct link.
|
|
Rogue Detect sends DHCPDISCOVER packets to the network and listens for DHCP
servers to respond. It can run continuously as a daemon, or do a single probe
and quit. It's written in Perl and can be easily extended to take any action
you can think of in response to an unknown DHCP server (send pages, disable
them, etc).
DHCP Server Detection
The library and simple script included are made possible by Oregon
State University Open Minds. Open Doors. Open Source.
http://oregonstate.edu
Quick and Easy
Requirements:
- Carp
- Net::RawIP
- Data::Dumper
- FileHandle
- POSIX (to do fork() stuff)
- Net::SMTP (to send email)
- Sys::Syslog (optional)
I’ve only tested this with the one box I wrote it on at this point,
its Debian Linux (woody—though with some sid/unstable packages installed)
I don’t see any reason it wouldn’t work elsewhere though.
INSTALL
- Unpack the DHCPDetect.pm and dhcpdetector.pl files somewhere
- Install required perl libraries (www.cpan.org)
(in debian try ‘perl -MCPAN -eshell’)
- Edit dhcpdetector.pl – add your DHCP
server’s HWA, and the
HWA of the iface used to scan and edit
the defaults to your taste.
- set dhcpdetect.pl executable (chmod u+x dhcpdetect.pl)
- run dhcpdetect as root: ./dhcpdetect.pl
dhcpdetect has two modes available: continuous scan mode, and single
scan mode (default).
- Single Scan mode (default) will send a single
DHCPDISCOVER packet to the network and
wait a configurable number of seconds for unauthorized servers.
- Continuous mode will continue to run, sending
DHCPDISCOVER packets every
minutes, sending out alerts etc.
Single Scan mode is good for running from the commandline periotically
or from a cron script, while Continuous mode is good for letting the
detector run indefinately.
Syntax:
dhcpdetect.pl --continuous [--freq=x] [--iface=interface] [--nodaemon] [--debug=x]
OR
dhcpdetect.pl [--waitfor=x] [--iface=interface] [--debug=x]
--continuous Cause the program to run in a loop, sending DHCPDISCOVER occationally
and listning for replies
--nocontinuous (default) Send only one DHCPDISCOVER and wait only long enough for
a response. Then quit. (for commandline or crontab use)
--freq=x In continuous mode only: how long between DHCPDISCOVER packets
--waitfor=x In normal (non-continuous) mode only: how long to wait after
sending a DHCPDISCOVER for replies.
--iface=interface Network interface to use (eg eth0). Unfortunately only one
can be done at a time (sorry) run multiple copies for now.
--daemon/--nodaemon in continuous mode only: wether or not the program should
fork and go into the background. Default is yes.
--debug=x Debug level. 1-5 supported. 3 is good for info. higher levels
give more information.
Bugs
- Continuous mode could have memory leaks. I havnt’ checked (yet)
Notes
Sending a DHCPDISCOVER packet causes any
DHCPSERVERS listning to allocate an IP address
for a few seconds, while they wait for the detector to
ACK their offer. Since we never do send an
ACK, the IP is not allocated to us. Hence,
it should be ok to run this on the network.. but do so at your
OWN RISK!!
This package is nice in that you do not have to have a clear view
of the network to run it (ie, it works behind a switch). You DO have
to be within broadcast range, which usually means on the same subnet
as the DHCP server. In some cases scaning
port 68 (67?) on every machine may be the better answer to finding dhcp
servers, but with this program, as apposed to a passive one like snort,
you do not have to be able to see traffic not destined for you.
Our resnet has 19 subnets, so I use a linux box with 19 aliased interfaces
in addition to its onboard network.In linux they are eth1, eth2.0132,
eth3.0133, etc… so I must run 19 copies of dhcpdetect.pl, one for each
interface.
If you have questions please contact us at
https://roguedetect.bountysource.com
Alex Schumann, Karl Vollmer
Dec 21, 2006
I have finally found a tool that works for RHEL and Debian (and probably
all Linuxes). It's a Perl module and accompanying script which can optionally
be run as a demon and be setup to email you each time it finds a rogue server.
It's called
RogueDetect and is GPL. I have tested version 0.4Alpha2. I've also used
this code as a basis for a Nagios
plugin the code for which I'll be releasing over the next few days on this blog.
Good post bart, nice to see that windows has some decent commands relating
to standard internet protocols. In the longer term, you could have a permanent
method of spotting rogue dhcp servers. I found a rule for snort:
#
# DHCP Servers
#
alert udp !$DHCP_SERVERS 67 -> 255.255.255.255 any (msg: “possible rogue DHCP
Server”; sid:1000001;)
I know you use nagios, I dunno if theres a plugin for that yet.
I am by no means shy about pointing out problems with Windows on this blog but
I do try to be objective in my criticism. Today I have the rare pleasure of
sharing a Windows command-line tool that I haven't been able to find an equal
to on RedHat Enterprise Linux (RHEL) 4. A few weeks ago a rogue DHCP server
caused us some serious problems at work so I was asked to find a simple tool
for detecting rogue servers. In theory there are loads of tools for this on
Linux but after having tried everything Google was able to find for me (an entire
day's work) I'd still drawn a blank. Everything I tried insisted that our main
DHCP server did not exist. What's more tcpdump showed responses
from the DHCP server arriving at the machine but all the tools insisted they
got no reply regardless. In my search I did come across dhcploc.exe, a small
MicroSoft command-line tool that ships with most versions of Windows. Granted,
it's not part of the default install but it is on the CD none the less and more
importantly it works!Technorati Tags:
Windows,
RedHat,
RHEL,
DHCP,
Rogue DHCP
Servers
To install dhcploc.exe you have to install the Support Tools
which you have to look for on your Windows CD. Once you have this installed
you can set it looking for rogue servers with the following command:
dhcploc
dhcploc.exe will then run continually and display all DHCP responses
it sees. It will beep each time a rogue server is seen. You can also get it
to only show you rogue traffic with the -p flag.
It's rare that Windows has more powerful command-line tools than Linux but
when it comes to detecting rogue DHCP servers Windows had it nailed with this
simple tool that just works! I just hope this tool still exists in Vista!
Update 21 December 2006
I have finally found a tool that works for RHEL and Debian
(and probably all Linuxes). It's a Perl module and accompanying script which
can optionally be run as a demon and be setup to email you each time it finds
a rogue server. It's called
RogueDetect
and is GPL. I have tested version 0.4Alpha2. I've also used this code as a basis
for a Nagios plugin the code
for which I'll be releasing over the next few days on this blog.
Finally, there are a few tools you can use to detect
the presence of rogue DHCP servers on your network so
you can get rid of them. These include both tools from
Microsoft and from third-party sources, and we'll end
by examining two of these tools.
Dhcploc.exe
Dhcploc.exe is a command-line tool that is part of
the Windows Support Tools found in the \Support\Tools
folder on your Windows XP product CD and it can be used
to display all DHCP servers that are active on the local
subnet. Dhcploc.exe has been around since Windows NT
4.0 and it works by sending out DHCPREQUEST messages
and displaying the IP addresses of the DHCP servers
that responded with DHCPACK. You can find the syntax
of this tool in the Help file that is installed when
you install the Support Tools on your machine.
dhcp_probe
The Network Systems Group at Princeton University's
Office of Information Technology has developed a tool
called dhcp_probe that tries to discover DHCP and BOOTP
servers on a directly-attached Ethernet network. The
existing build runs on Solaris 8 on SPARC with gcc and
there is patch for it to work on Linux also, so if you
have either of those platforms you can try using this
tool to detect any rogue DHCP servers that might be
running on your network. You can find the Network Systems
Group's tools page
here and can download dhcp_probe directly from
here.
Roaming DHCP
- for registered laptops on the SLAC network
Roaming DHCP allows the laptop user to connect his registered
laptop to network taps on different subnets of the SLAC internal network.
There is no DHCP service for desktops. There is no wireless networking
on the SLAC internal network.
The MAC address of the laptop must first
be registered with the DHCP server. After the laptop is registered
and connected to the SLAC network the DHCP server will dynamically assign it
a SLAC IP address and other network configuration information.
As long as the laptop is connected to the network the
lease will not expire and the laptop will keep the assigned IP address. If the
laptop disconnects from the network the lease will expire after the lease time
is up and the IP address will be freed up to be used by another DHCP client.
The laptops lease will have to be renewed the next time the laptop is
connected to the network. The lease time is 1 hour.
If a registered MAC address is not
used for 9 months it will be removed from DHCP and will need to be registered
again.
Policy and Security Guidelines
to be followed
The
group desktop administrator should determine
that the laptop meets
current security requirements
set
by SLAC Computing Security before registering the laptop for DHCP.
In order to keep your DHCP registration, your machine
must keep up-to-date with these security requirements, or else your DHCP
registration will be revoked.
For Windows:
Before requesting DHCP you are required to read and implement
the
Windows
at SLAC guidelines, including the
Guidelines for Connecting Computers to SLAC Internal Network
. Check with your
Desktop Administrator for help.
For Linux:
Before requesting DHCP you are required to read and implement
the
Linux at SLAC guidelines. For help check with
unix-admin@slac.stanford.edu
.
How to
get your laptop registered for Roaming DHCP
Contact a
DHCP Czar who works in your group or your area and provide him
with the DHCP Registration Information listed below. He can register
it for you.
All other requests should be sent to
dhcp-admin@slac.stanford.edu
.
Copy and paste the DHCP Registration Information and
your responses to your email:
DHCP
Registration Information (all information is required):
* = Name must be in
the SLAC Phone Book
- MAC Address
e.g. 00:0d:9d:c9:1c:48 :
- PC Number e.g. PC12345
or "Not SLAC Property" :
- OS Version e.g. WXP
SP2, Linux RH10 :
- User's Name
* :
- User's Home Institution
e.g. SLAC, INFN, TRIESTE :
- Contact / Supervisor *
e.g. user's supervisor, manager, or sponsor
:
- System Admin
*
the person who will administer this laptop :
- Security The laptop
user and the System Admin have read,
understood,
and implemented the Security
Guidelines
and
the System Admin has determined that the laptop
meets
current security patch levels.
reply yes or
no :
Visitor DHCP
- for unregistered laptops on the visitor
network (for SLAC visitors)
Visitor DHCP allows SLAC visitors a quick and easy connection
to the Internet to read email, connect to hosts at home institutions, and browse
the web. This connection is on the
visitor network, located
outside the SLAC internal network and firewall, and restricts access to
many SLAC network services.
No registration is needed. Users simply need to
find a network tap configured for the visitor network and connect their
laptop to it. Currently there are visitor taps located in the Auditorium, many
conference rooms, and other locations at SLAC. Check with your
Desktop Administrator for specific locations.
The visitor network also supports wireless networking.
See the SLAC
wireless
web page for more information.
Temporary DHCP
- for
system administrators for new machine configuration
Temporary DHCP is used by authorized system administrators, who are also
DHCP Czars, to allow them to configure new machines on the network.
The lease period for temporary DHCP expires at midnight of the day it's acquired.
- I can well understand with large networks
the ability to configure new PC's and it on the network
and have the convenience of DHCP issue a valid IP and
DNS server as a very very useful tool.
However, how many of use consider the security repercussions
of handing out access to you total network just by the
action of plugging a PC in.
The problem gets worse as the lager you network the
more likely you will be dependant on DHCP.
From my point of view if you have a small to moderate
Network you should NEVER use DHCP to hand out the keys
to you network to anyone who plugs in a PC and the only
thing that separates the newly plugged in PC is a password
and user name.
It is very very hard to keep track of all the wired
access points in your office and so the threat compounds
itself.
Security threats come i all different types and we should
never forget the internal threat any possibly has by
just plugging a PC or laptop into ANY RJ socket.
If you network not a never ending story in its size
managing it without DHCP should be a major consideration.
If you cannot live without automatically assigning IP's
then DONT hand out DNS servers for free. This can be
a compromise for large expansive networks.
The other issue to consider is the use of different
routes available on you network. I can not image being
asked as a security consultant NOT to plan different
routes depending on the level of security you need.
NOT every PC needs to have access to each other. All
that is needed is your severs ability to see everyone.
Defining different routes by not using DHCP on every
one or using DHCP and defining different routes using
differing subnet masks is an option here.
For a real world issue having Management on the same
route as the rest of the office is a definite no no.
Payroll and accounting can also have a different route.
Remember if you have not removed the default hidden
share of every XP workstation's root drive of every
physical drive in each PC should not be underestimated
or forgotten.
Static assignment of Private IP's is also helpful for
every internal security audit. Sure once DHCP has assigned
an IP to a PC it i more than likely subsequent assignment
will be the same, however when it comes to internal
security audits it wont stand up to any audit investigation.
Using static private addresses may take a little more
time during setup, however dont give out the key to
you network to anyone who asks for it unless it is totally
not manageable – due to size and personally I still
have security issues – no matter how big the network.
If you want to comment on this discussion, don't use
the excuse you are too busy. The assignment needs only
to be made once and I am not advocating suddenly changing
a 300+ workstation Network.
Non emotive discussion is helpful and passionate opinions
are respected, however we work in the technology industry
where non-fact is not worthy of the time it takes to
write it.
Please tell me how you have inviolately secured your
network without DHCP and static private network assignment.
- Posted: 10/30/2006
@ 20:24
It's been
recently
noted that Mac OS X can be susceptible to a security problem
involving malicious DHCP servers. The chances of the security issue
affecting Mac users en masse is miniscule, but Apple recently
posted details to its online Knowledgebase explaining how to
circumvent potential problems.
According to a report from Carrel.org, a malicious response from
a Dynamic Host Configuration Protocol (DHCP) server can grant root
access on various versions of Mac OS X. DHCP is commonly used as
an easy way to provide users on a network with TCP/IP addresses.
"In many cases, your Mac is protected from this kind of exploit
because the malicious DHCP server has to be part of your local network,
or 'subnet,'" said Apple in its recent tech note. "If your computers
are the only ones on your local network and you have a broadband
connection (DSL or cable service) with a Network Address Translation
device -- such as an AirPort Base Station -- this exploit is not
possible."
Carrel.org disputes that claim. "If you have not secured your
network (especially a wireless network) against malicious devices
connecting to it, you can be exploited even if you are using NAT
since the attack happens behind the NAT on your local subnet," said
William Carrel.
That chain of events would require someone to set up or hack
a DHCP server on an exposed wireless network -- one with no password,
for example, or one whose password had been compromised.
Regardless, Apple has offered steps that users concerned with
this issue can take to make sure their Macs can't be exploited in
this way. Steps include making sure that LDAP-based directory services
are turned off, or making sure that search parameters for directory
services are changed.
In case of broken links
please try to use Google search. If you find the page please notify
us about new location
Network
Penetration.com/Flaws within the Dynamic Host Configuration Protocol by Ste
Jones
Microsoft/Security information for DHCP
WindowsDevCenter.com -- DHCP and DNS Securityby Mike Danseglio
In this excerpt from Securing Windows Server 2003, author Mike Danseglio explores
the core network services of DHCP and DNS.
Lots of elements are involved in a healthy network. Many are provided by
hardware, such as the routing and switching of data. Others are provided by
software and are frequently based on the network protocols in use. These services
are often overlooked by security administrators and implementers. But attackers
can use these services to launch, support, or continue an attack. In fact, denial-of-service
attacks can be very effectively carried out by just attacking these services
alone. This chapter explores two important services that exist on most networks
but get very little security attention.
Microsoft has recognized the lack of security in DHCP and DNS. As a result,
Windows Server 2003 has several security technologies that are not necessarily
standards-based or fully compatible with other operating systems; however, depending
on your computing environment and need for security, these technologies can
prove beneficial.
DHCP Server Security (Part 1)
Part 1 of this two-part article looks at the different types of threats faced
by DHCP servers and countermeasures for mitigating these threats.
www.windowsecurity.com/articles/DHCP-Security-Part1.html
- 31k -
Cached
DHCP Server Security (Part 2)
In Part 1 of this two-part article we looked at the different types of threats
faced by DHCP servers and outlined some general countermeasures for
... www.windowsecurity.com/articles/DHCP-Security-Part2.html
- 33k -
Cached
DHCP and security
P-107
Security Vulnerability in Solaris 8 DHCP Administration Utilities
See also Solaris DHCP
RFC 2131 Dynamic
Host Configuration Protocol
RFC 2132
DHCP Options and BOOTP Vendor Extensions
Copyright © 1996-2008 by Dr. Nikolai Bezroukov.
www.softpanorama.org was
created as a service to the UN Sustainable Development Networking Programme (SDNP)
in the author free time.
Submit
comments This document is an industrial compilation designed and created
exclusively for educational use and is placed under the copyright of the
Open Content License(OPL).
Original materials copyright belong to respective owners. Quotes are made
for educational purposes only in compliance with the fair use doctrine.
Standard disclaimer: The statements, views and opinions presented on
this web page are those of the author and are not endorsed by, nor do they necessarily
reflect, the opinions of the author present and former employers, SDNP or any other
organization the author may be associated with. We do not warrant the correctness
of the information provided or its fitness for any purpose.
Last Modified:
June 02, 2008
