Re: Getting Printer IP Addresses Prior to Pen Testing - Question About DHCP

From: Skip Carter (skip@taygeta.com)
Date: Wed Sep 21 2005 - 15:38:35 EDT

• Next message: RSMC: "Topology discover"
• Previous message: Craig Wright: "RE: Passwords with Lan Manager (LM) under Windows"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

> DHCP allocates IP addresses dynamically. How does DHCP know which (fixed
> printer) IP addresses to stay away from? Does anyone know of a way to get
> this list?

Well, actually that depends upon how you configure the DHCP server.

You can configure it to have a MAC address whitelist and to always give
a specific MAC address a specific IP address (a bit more secure and
makes auditing network events much easier as well).

The ISC DHCP server would have lines such as this:

host zaurak {
  hardware ethernet 00:e0:98:b0:e1:7d;
  fixed-address zaurak.vix.com;
}

for each allowed MAC address.

With or without a whitelist, by defining address pools, you can tell
the server which addresses to hand out and which ones to not use.

Again for the ISC DHCP server config file would use lines such as
the following for each dynamic block:

subnet 192.5.5.0 netmask 255.255.255.0 {
  range 192.5.5.26 192.5.5.30;
  option name-servers bb.home.vix.com, gw.home.vix.com;
  option domain-name "vix.com";
  option routers 192.5.5.1;
  option subnet-mask 255.255.255.0;
  option broadcast-address 192.5.5.31;
  default-lease-time 600;
  max-lease-time 7200;
}

(to allocate .26 to .30)

Skip

-- 
 Dr. Everett (Skip) Carter           Phone: 831-641-0645 FAX:  831-641-0647
 Taygeta Network Security Services   email: skip@taygeta.net
 1340 Munras Ave., Suite 314         WWW: http://www.taygeta.net/
 Monterey, CA. 93940            
------------------------------------------------------------------------------
Audit your website security with Acunetix Web Vulnerability Scanner: 
Hackers are concentrating their efforts on attacking applications on your 
website. Up to 75% of cyber attacks are launched on shopping carts, forms, 
login pages, dynamic content etc. Firewalls, SSL and locked-down servers are 
futile against web application hacking. Check your website for vulnerabilities 
to SQL injection, Cross site scripting and other web attacks before hackers do! 
Download Trial at:
http://www.securityfocus.com/sponsor/pen-test_050831
-------------------------------------------------------------------------------

• Next message: RSMC: "Topology discover"
• Previous message: Craig Wright: "RE: Passwords with Lan Manager (LM) under Windows"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:54:58 EDT