Rich Freeman on 26 Sep 2014 09:00:32 -0700


Re: [PLUG] 'Shellshock' Bug Spells Trouble for Web Security

On Fri, Sep 26, 2014 at 11:52 AM, Matt Mossholder wrote:
> DHCP Clients do choose servers, but only from the set of servers that have
> responded to a DHCP Discover request.
> The steps are:
> 1) Client sends out a discover request. (DISCOVER)

Sent to a broadcast address.

> 2) All DHCP servers that receive the request will respond back (OFFER)

Again, sent to a broadcast address.

> 3) The client will choose a server to respond to, and ask for a lease.

Again, sent to a broadcast address.

> 4) The selected server replies back with a lease. (ACK)

Or any other malicious server that wants to spoof the reply from the
selected server could do so, having intercepted all the other traffic.

At least, that is how I read the spec.  And of course ANY host on the
network can respond to the initial discover even if they're following
the rest of the spec.
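
An added example, not part of the original message: a small monitor-side check over the four-step exchange discussed above, which flags OFFER/ACK messages from servers outside an allowlist and ACKs whose server identifier (option 54) differs from the one the client named in its REQUEST. The addresses, transaction id, allowlist and the `build`, `parse` and `audit` helpers are all constructed for illustration.

```python
import socket
import struct

MAGIC = b"\x63\x82\x53\x63"                             # DHCP magic cookie (RFC 2131)
MSG_TYPES = {1: "DISCOVER", 2: "OFFER", 3: "REQUEST", 5: "ACK"}

def build(xid, msg_type, server_id=None):
    """Build a minimal DHCP payload; used only to construct sample data."""
    op = 1 if msg_type in (1, 3) else 2                 # BOOTREQUEST / BOOTREPLY
    head = struct.pack("!BBBBIHH", op, 1, 6, 0, xid, 0, 0x8000) + bytes(224)
    opts = bytes([53, 1, msg_type])                     # option 53: message type
    if server_id:
        opts += bytes([54, 4]) + socket.inet_aton(server_id)  # option 54: server id
    return head + MAGIC + opts + b"\xff"

def parse(payload):
    """Return (xid, message type name, server identifier or None)."""
    if len(payload) < 240 or payload[236:240] != MAGIC:
        raise ValueError("not a DHCP payload")
    opts, i = {}, 240
    while i < len(payload) and payload[i] != 255:       # 255 = end option
        if payload[i] == 0:                             # pad option has no length byte
            i += 1
            continue
        end = i + 2 + payload[i + 1] if i + 1 < len(payload) else len(payload) + 1
        if end > len(payload):
            raise ValueError("truncated option")
        opts[payload[i]] = payload[i + 2:end]
        i = end
    mtype = MSG_TYPES.get((opts.get(53) or b"\0")[0], "OTHER")
    sid = socket.inet_ntoa(opts[54]) if len(opts.get(54, b"")) == 4 else None
    return struct.unpack("!I", payload[4:8])[0], mtype, sid

def audit(packets, authorized):
    """Return alerts for rogue OFFER/ACK senders and mismatched ACKs."""
    chosen, alerts = {}, []
    for raw in packets:
        xid, mtype, sid = parse(raw)
        if mtype == "REQUEST" and sid:
            chosen[xid] = sid                           # server the client selected
        elif mtype in ("OFFER", "ACK") and sid not in authorized:
            alerts.append((xid, mtype, sid, "unauthorized server"))
        elif mtype == "ACK" and chosen.get(xid, sid) != sid:
            alerts.append((xid, mtype, sid, "ACK from a server the client did not select"))
    return alerts

AUTHORIZED = {"192.0.2.1", "192.0.2.2"}                 # constructed allowlist
CAPTURE = [build(0x1234, t, s) for t, s in [(1, None), (2, "192.0.2.1"), (2, "192.0.2.66"),
           (3, "192.0.2.1"), (5, "192.0.2.2"), (5, "192.0.2.1")]]  # constructed exchange
```

An ACK that copies the selected server's identifier passes this check, so it complements rather than replaces link-layer controls such as DHCP snooping on the switch.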
