*exploit* dhcp-games-with-smart-router-devices

If your problem doesn't fall into one of the other categories, report it here.

Moderator: Moderators

Post Reply
karenmcd
Posts: 21
Joined: Tue Jan 26, 2016 8:41 pm

*exploit* dhcp-games-with-smart-router-devices

Post by karenmcd »

Code: Select all

https://www.anvilsecure.com/blog/dhcp-games-with-smart-router-devices.html
Can we discuss this security vulnerability? I have my ISP modem bridged to my gargoyle router. I have a guest network and a private network setup on the wifi and then another 9 clients wired. I also have a second gargoyle router setup as a wireless extender with the same SSID for the private wifi network only. (both are wrt1900acs)

I normally had a USB external HDD attached, but I've removed that for now as there's a specific vulnerability to the NAS side of this stuff as well as harddrives. I'd guess someone could possibly intercept CUPS printer stuff too, but this overall seems like a big deal and also not all that new? There were theoretical discussions back to the 90's discussing these possibilities.

RFC 2131 Dynamic Host Configuration Protocol March 1997

Unauthorized DHCP servers may be easily set up. Such servers can then send false and potentially disruptive information to clients such as incorrect or duplicate IP addresses, incorrect routing information (including spoof routers, etc.), incorrect domain nameserver addresses (such as spoof nameservers), and so on. Clearly, once this seed information is in place, an attacker can further compromise affected systems.

Malicious DHCP clients could masquerade as legitimate clients and retrieve information intended for those legitimate clients. Where dynamic allocation of resources is used, a malicious client could claim all resources for itself, thereby denying resources to legitimate clients.
quote from the article above discussing how to exploit dhcp:
Set up an OpenWRT-based smart router (OpenWRT Version 21.02.0-rc1) with a WAN configured to obtain an IP address via DHCP.
There was another paragraph that mentioned Out of the box it would appear gargoyle is affected by this eh?

I'm guessing the only way around this is to ask very nicely for my ISP to assign a static IP to me so as to not have to worry about DHCP WAN side attacks?

Thoughts?

Lantis
Moderator
Posts: 6735
Joined: Mon Jan 05, 2015 5:33 am
Location: Australia

Re: *exploit* dhcp-games-with-smart-router-devices

Post by Lantis »

In my opinion, while the attack might be basic, the execution in most scenarios requires physical security breaches first.
http://lantisproject.com/downloads/gargoyle_ispyisail.php for the latest releases
Please be respectful when posting. I do this in my free time on a volunteer basis.

Post Reply