[GTER] Bogus

MARLON BORBA MBORBA at trf3.jus.br
Fri Aug 29 17:37:05 -03 2008


Ainda sobre esse assunto:

http://en.wikipedia.org/wiki/Dynamic_Host_Configuration_Protocol 

"Having been standardized before network security became a significant
issue, the basic DHCP protocol includes no security features, and is
potentially vulnerable to two types of attacks:[2]

    * Unauthorized DHCP Servers: as you cannot specify the server you
want, an unauthorized server can respond to client requests, sending
client network configuration values that are beneficial to the attacker.
As an example, a hacker can hijack the DHCP process to configure clients
to use a malicious DNS server or router (see also DNS cache poisoning).
    * Unauthorized DHCP Clients: By masquerading as a legitimate
client, an unauthorized client can gain access to network configuration
and an IP address on a network it should otherwise not be allowed to
use. Also, by flooding the DHCP server with requests for IP addresses,
it is possible for an attacker to exhaust the pool of available IP
addresses, disrupting normal network activity (a denial of service
attack).

To combat these threats RFC 3118 ("Authentication for DHCP Messages")
introduced authentication information into DHCP messages allowing
clients and servers to reject information from invalid sources. Although
support for this protocol is widespread, a large number of clients and
servers still do not fully support authentication, thus forcing servers
to support clients that do not support this feature. As a result, other
security measures are usually implemented around the DHCP server (such
as IPsec) to ensure that only authenticated clients and servers are
granted access to the network."

EQA (Espero que Ajude),

-- 

Abraços,

Marlon Borba, CISSP, APC DataCenter Associate
Técnico Judiciário - Segurança da Informação
IPv6 Evangelist
TRF 3 Região
(11) 3012-1683
--
Practically no IT system is risk free.
(NIST Special Publication 800-30)
--


Em 29/8/2008 às 16:38, "Emiliano Martins"
<emiliano.martins at ik1.com.br>
gravou:

> Caros,
> 
> Sou meio leigo no assunto e nem sei se a pergunta cabe nesta lista,
mas o
> roteador de um cliente está dando a seguinte mensagem de log na
interface
> WAN :
> 
> dhcp: received bogus message -- ignoring
> 
> Alguém sabe o que é essa Bogus Message?
> 
> 
> Emiliano Martins
> --
> gter list    https://eng.registro.br/mailman/listinfo/gter 
--
gter list    https://eng.registro.br/mailman/listinfo/gter



More information about the gter mailing list