Cyber Security Awareness Month - Day 6 ports 67&68 udp - bootp and dhcp
DHCP is a very commonly used protocol for the automatic assignment of TCP/IP configuration options. DHCP is defined in RFC 2131, which states: "The Dynamic Host Configuration Protocol (DHCP) provides a framework for passing configuration information to hosts on a TCPIP network. DHCP is based on the Bootstrap Protocol (BOOTP) [7], adding the capability of automatic allocation of reusable network addresses and additional configuration options [19]. DHCP captures the behavior of BOOTP relay agents [7, 21], and DHCP participants can interoperate with BOOTP participants [9]." DHCP extensions for IPv6 are defined in RFC 3315.
Common values include:
- IP address
- Subnet mask
- Default gateway (router)
- DNS servers
- DNS domain name
- Lease time
- 802.1Q VLAN ID
- 802.1P L2 Priority
- Bootfile-Name
- TFTP Server IP address
DHCP is not without its issues. Here are some of them:
- DHCP is a UDP based protocol and is easily spoofed
- DHCP lease exhaustion/starvation Denial of Service attacks
- Rogue DHCP server responding to clients, the sky is the limit with this attack
- Spoofed RELEASE packets Denial of Service attacks
- DISCOVER and REQUEST are broadcast, everyone hears them and anyone can respond
- No concept of authentication
- Unless Layer 2 security is enforced, rogue clients get a lease too
- Assigning rogue DNS server IPs to clients, allowing pharming attacks among others
- Vulnerabilities in the DHCP client, some allowing remote arbitrary code execution
- Vulnerabilities in the DHCP service, some allowing remote arbitrary code execution
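The rogue-server and rogue-DNS items above can be detected passively, because OFFER and ACK replies carry the server identifier (option 54) and DNS servers (option 6) in the clear. The following is an added example, not part of the original diary: the function names, the allow-lists and the 192.0.2.0/24 and 203.0.113.0/24 documentation addresses are assumptions, and the payloads are constructed rather than captured.

```python
import socket
import struct

MAGIC = b"\x63\x82\x53\x63"   # DHCP magic cookie that follows the 236-byte BOOTP header
OFFER, ACK = 2, 5             # option 53 values that only a server sends

def parse_dhcp(payload):
    """Return (op, yiaddr, chaddr, options) for one UDP 67/68 payload."""
    if len(payload) < 240 or payload[236:240] != MAGIC:
        raise ValueError("not a DHCP message")
    opts, i = {}, 240
    while i < len(payload) and payload[i] != 255:      # 255 = end option
        if payload[i] == 0:                            # 0 = pad, no length byte
            i += 1
            continue
        if i + 1 >= len(payload) or i + 2 + payload[i + 1] > len(payload):
            raise ValueError("truncated option")
        code, length = payload[i], payload[i + 1]
        opts[code] = opts.get(code, b"") + payload[i + 2:i + 2 + length]
        i += 2 + length
    chaddr = payload[28:28 + min(payload[2], 16)].hex(":")
    return payload[0], socket.inet_ntoa(payload[16:20]), chaddr, opts

def ips(raw):  # split an option value into dotted-quad IPv4 addresses
    return [socket.inet_ntoa(raw[i:i + 4]) for i in range(0, len(raw) - 3, 4)]

def audit(payload, allowed_servers, allowed_dns):
    """Findings for one reply; an empty list means nothing unexpected."""
    op, yiaddr, chaddr, opts = parse_dhcp(payload)
    if op != 2 or (opts.get(53) or b"\0")[0] not in (OFFER, ACK):
        return []                                      # not a server OFFER/ACK
    findings = [f"unauthorized DHCP server {s} offered {yiaddr} to {chaddr}"
                for s in ips(opts.get(54, b"")) if s not in allowed_servers]
    findings += [f"unexpected DNS server {d} handed to {chaddr}"
                 for d in ips(opts.get(6, b"")) if d not in allowed_dns]
    return findings

def build_reply(mtype, server, dns, yiaddr="192.0.2.50", mac="020000000001"):
    """Constructed sample reply (not captured traffic) with options 53, 54, 6."""
    hdr = struct.pack("!BBBBIHH4s4s4s4s16s192s", 2, 1, 6, 0, 0x1234, 0, 0,
                      bytes(4), socket.inet_aton(yiaddr), bytes(4), bytes(4),
                      bytes.fromhex(mac), b"")
    opts = bytes([53, 1, mtype, 54, 4]) + socket.inet_aton(server)
    opts += bytes([6, 4 * len(dns)]) + b"".join(map(socket.inet_aton, dns))
    return hdr + MAGIC + opts + b"\xff"

if __name__ == "__main__":
    for srv, dns in (("192.0.2.1", "192.0.2.53"), ("192.0.2.66", "203.0.113.9")):
        print(audit(build_reply(OFFER, srv, [dns]), {"192.0.2.1"}, {"192.0.2.53"}) or "clean")
```

A check like this only reports what a sensor on the broadcast domain sees; enforcement still belongs at Layer 2, as noted in the list above.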
Please contact us if you have any comments or would like to add to this diary entry.
A reader wrote in: "PiXiE uses Wake-On-LAN to turn on machines after they power down, then feeds them a rootkit over BOOTP when they try to network boot (many systems automatically try network boot when woken-on-LAN)." A presentation can be found here: PiXiE: A Self-Propagating Network Boot Virus for Windows
Cheers,
Adrien de Beaupré
Intru-shun.ca Inc.