[Snort-sigs] DHCP Attack

arif.jatmoko at ...2741...
Wed Aug 18 19:15:04 EDT 2004


Hi list,

I have experienced a problem during the last two days with a kind of DHCP
attack. There was more than one DHCP server available on the network using
private IP addresses (192.168.x.x), while our DHCP server uses a public IP
address. Every DHCP client request was served by those rogue DHCP servers.
Can we detect this kind of attack?
I'm thinking about DNS spoofing, DHCP spoofing and other MITM attacks. I
know that there are tools like dhcploc.exe, bundled with the Win2k Resource
Kit, or dhcp_probe, available at
http://www.net.princeton.edu/software/dhcp_probe/.

PS. Our DHCP server is using Win2K with Active Directory enabled, while the
rogue DHCP server is using Win2K on VMware (other PCs).

Thanks,
Arif Jatmoko
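
Added example, not part of the original post: a minimal Python check that parses the UDP payload of server-to-client DHCP traffic (port 67 to 68) and flags any OFFER or ACK whose server identifier (option 54) is not on an allow-list, which is the condition described above. The allow-list, the addresses and the `build_reply` helper are constructed for illustration; feeding it live packets from a capture library is left out.

```python
import ipaddress
import struct

MAGIC = b"\x63\x82\x53\x63"            # DHCP magic cookie (RFC 2131)
SERVER_TYPES = {2: "OFFER", 5: "ACK"}  # option 53 values sent by servers
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def parse_options(raw):
    """Walk the code/length/value options that follow the magic cookie."""
    opts, i = {}, 0
    while i < len(raw) and raw[i] != 255:      # 255 = End
        if raw[i] == 0:                        # 0 = Pad, has no length byte
            i += 1
            continue
        if i + 1 >= len(raw):                  # truncated option, stop parsing
            break
        length = raw[i + 1]
        opts[raw[i]] = raw[i + 2:i + 2 + length]
        i += 2 + length
    return opts

def check_reply(payload, authorized):
    """Return a finding for a DHCP OFFER/ACK from a server not in `authorized`, else None."""
    if len(payload) < 240 or payload[0] != 2 or payload[236:240] != MAGIC:
        return None                            # not a BOOTREPLY carrying DHCP options
    opts = parse_options(payload[240:])
    mtype = (opts.get(53) or b"\x00")[0]       # option 53 = DHCP message type
    if mtype not in SERVER_TYPES:
        return None
    sid = opts.get(54, b"")                    # option 54 = server identifier
    server = ipaddress.IPv4Address(sid if len(sid) == 4 else payload[20:24])  # else siaddr
    if server in authorized:
        return None
    return {"server": str(server), "type": SERVER_TYPES[mtype],
            "offered": str(ipaddress.IPv4Address(payload[16:20])),  # yiaddr
            "rfc1918": any(server in n for n in RFC1918)}

def build_reply(mtype, server, yiaddr):        # constructs test data only
    s, y = (ipaddress.IPv4Address(a).packed for a in (server, yiaddr))
    hdr = struct.pack("!BBBBIHH4s4s4s4s16s64s128s", 2, 1, 6, 0, 0x1234, 0, 0,
                      b"", y, s, b"", b"\xaa" * 6, b"", b"")
    return hdr + MAGIC + bytes([53, 1, mtype, 54, 4]) + s + b"\xff"

# Constructed sample: authorized server on a documentation address, rogue on 192.168.x.x
AUTHORIZED = {ipaddress.IPv4Address("203.0.113.10")}
SAMPLES = [build_reply(2, "203.0.113.10", "203.0.113.50"),
           build_reply(2, "192.168.0.1", "192.168.0.77"), build_reply(5, "192.168.0.1", "192.168.0.77")]

def findings():
    return [f for f in (check_reply(p, AUTHORIZED) for p in SAMPLES) if f]
```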




