[Talk] A denial of service attack?

David Purdue david.purdue at auug.org.au
Fri Jun 14 15:46:04 EST 2002

We are seeing something strange here, and if it is not a DOS
attack or virus of some kind, it is a grand idea for one.

Here is what we see:

- a system is sending out DHCP requests using a bogus Ethernet
MAC address.

- as soon as it gets a lease on an address, it increments the MAC
address and tries again - this ensures it does not get the same
MAC address reallocated.

The effect is that the DHCP server is running out of addresses
to give - so as people turn on their desktops they can not connect
to the network, and as leases expire connected desktops are
effectively getting thrown off the network!

Does anyone know of anything (either because of bug or malicious
intent) that behaves in this way?
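
An added example, not part of the original post: one way to spot the pattern described above in DHCP server logs, by flagging leases handed to runs of MAC addresses that each differ by one. The ISC dhcpd-style `DHCPACK on <ip> to <mac>` line format, the sample log lines and the `min_run` threshold are assumptions made for illustration.

```python
import re

# Assumed ISC dhcpd-style lease acknowledgement line.
ACK_RE = re.compile(
    r"DHCPACK on (\d+\.\d+\.\d+\.\d+) to ((?:[0-9a-fA-F]{2}:){5}[0-9a-fA-F]{2})")

# Constructed sample log: one ordinary client mixed in with a client whose
# MAC address goes up by one after every lease it obtains.
SAMPLE_LOG = [
    "Jun 14 15:40:01 dhcpd: DHCPACK on 192.0.2.10 to 02:00:00:00:00:fe via eth0",
    "Jun 14 15:40:02 dhcpd: DHCPACK on 192.0.2.11 to 00:a0:c9:12:34:56 via eth0",
    "Jun 14 15:40:03 dhcpd: DHCPACK on 192.0.2.12 to 02:00:00:00:00:ff via eth0",
    "Jun 14 15:40:04 dhcpd: DHCPACK on 192.0.2.13 to 02:00:00:00:01:00 via eth0",
    "Jun 14 15:40:05 dhcpd: DHCPACK on 192.0.2.11 to 00:a0:c9:12:34:56 via eth0",
    "Jun 14 15:40:06 dhcpd: DHCPACK on 192.0.2.14 to 02:00:00:00:01:01 via eth0",
    "Jun 14 15:40:07 dhcpd: DHCPACK on 192.0.2.15 to 02:00:00:00:01:02 via eth0",
]

def mac_to_int(mac):
    return int(mac.replace(":", ""), 16)

def int_to_mac(value):
    raw = f"{value:012x}"
    return ":".join(raw[i:i + 2] for i in range(0, 12, 2))

def find_incrementing_runs(lines, min_run=4):
    """Return (first_mac, last_mac, leases) for each run of leased MACs that
    climb by exactly one, even when other clients are interleaved."""
    chain = {}  # MAC as int -> length of the +1 chain ending at that MAC
    for line in lines:
        match = ACK_RE.search(line)
        if not match:
            continue
        mac = mac_to_int(match.group(2))
        if mac in chain:
            continue  # renewal by a MAC already counted
        # Extends a chain only if MAC-1 was leased earlier (ascending order).
        chain[mac] = chain.get(mac - 1, 0) + 1
    runs = []
    for mac, length in chain.items():
        # Report a chain once, at its last member.
        if length >= min_run and (mac + 1) not in chain:
            runs.append((int_to_mac(mac - length + 1), int_to_mac(mac), length))
    return runs

if __name__ == "__main__":
    for first, last, count in find_incrementing_runs(SAMPLE_LOG):
        print(f"{count} leases to sequential MACs {first} .. {last}")
```
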



