Monkey.org Developments
Honeyd Mailing List: RE: [inbox] Arpd and DHCP

Honeyd Resources

Main - News - Forums 
Download Releases
General Information [Mirror]
Frequently Asked Questions
Sample Configurations
Tools - Service Scripts
Blog - New
Links, Press, etc.
Mailing List Archive
Acknowledgments


Honeyd Research

Immunization Against Worms
Understanding Spam
Performance

Honeypot Resources

Honeypot Background
Honeypot Concepts

Honeypot Books


Virtual Honeypots,
Niels Provos and Thorsten Holz

Happy Hacking

Reduce wishlists
Leave a tip with PayPal

Support Honeyd

Search:
Keywords:

Search Amazon

  		 

RE: [inbox] Arpd and DHCP

From: Curt Purdy <purdy_at_tecman.com>
Date: Thu, 15 Apr 2004 12:26:10 -0500



Graeme Connell wrote:


>   If an attacker is connecting to 192.168.0.1, and another


> computer comes online,


>   a) will dhcp still serve out the address 192.168.0.1?



yes, unless it is already leased



>   b) will honeyd and arpd disrupt services for this newly


> connected user until arpd releases the address?



Actually it depends on the OS.  If the attacker is *NIX and the dhcp user is


Windows, the Windows box will thow up it's hands and cry mama.



Curt Purdy CISSP, GSEC, MCSE+I, CNE, CCDA


Information Security Engineer


DP Solutions



----------------------------------------



If you spend more on coffee than on IT security, you will be hacked.


What's more, you deserve to be hacked.


-- White House cybersecurity adviser Richard Clarke


Received on Thu Apr 15 2004 - 16:50:52 PDT





















Search For Information











Google








 Search WWW  Search www.honeyd.org 



















NB: This is a filtered version of the Honeypots mailing list. Only posts that concern Honeyd are shown here. For more recent discussions visit the forums.

 











Last modified: June 13 2004 02:53:28 AM


Copyright (c) 1999-2004 by Niels Provos

Don't access my pirated music.