Topics

dhcp and unauthorized devices

Gordon Haverland
 

Looking around DHCP, it seems that at one point there was some kind of
authentication capability, and even if it is still present, hardly
anybody has used it.

I think the default setup for DHCP, does not have "tables of MAC
addresses", and so the DHCP server is allowed to assign whatever IP
address it wants to that is not yet assigned, in the address range in
question.

My casual reading of this literature, suggests the MAC address is the
only information used, but it seems that some other information might
be involved as I have observed the same NIC getting a different IP on
occassions. I suppose some of these occasions could be a hardware
upgrade (and hence the NIC could have been updated, hence the MAC was
changed).

The "core" DHCP language, does seem to allow for some kind of vendor
information. Among those is vendor-id.

But, if someone knew a tiny amount about LANs, they could unplug an
existing device so that they could plug the LAN cable into their
"computer", and on turning on the machine, a DHCP server may have
issued them an IP.

If no IP was issued, they might know a little about DHCP, and realize
the MAC address was needed. And so, they could look at the machine
they had disconnected, and try to find what MAC address its NIC had,
and set the MAC address of their NIC to be the same. They would expect
DHCP to issue the same IP that the computer the LAN cable should be
connected to usually gets. But, if the computers on the LAN were
configured to provide vendor-id information to DHCP (say they provided
0x83 - the partition type ID for Linux), would this person who is
attempting to get access to the Internet by pulling out LAN cables
without permission know enough to find what vendor information is being
used?

At best, this is a really dumbed down authentication system.

But would it work?

Thanks.

--

Gord

William Henderson aka Slackrat
 

"Gordon Haverland" <ghaverla@...> writes:

Looking around DHCP, it seems that at one point there was some kind of
authentication capability, and even if it is still present, hardly
anybody has used it.
check the modem/router

--
William Henderson
aka Slackrat
http://billh.sdf.org/slackware.jpg
9HS5203 on HamSphere Ham Radio