[RndTbl] Shaw DHCP weirdness or attack?
Colin Stanners
cstanners at gmail.com
Wed Dec 5 13:20:28 CST 2012
My random guess is that their DHCP server is sending out DHCP packets
that are bigger (these days) than their routers are used to forwarding
for DHCP-relay. How big are the packets?
On 12/5/12, Sean Walberg <sean at ertw.com> wrote:
> On Wed, Dec 5, 2012 at 12:31 PM, Trevor Cordes <trevor at tecnopolis.ca>
> wrote:
>
>
>> Hmm, I'm not sure I follow... been up too long! Not sure why Shaw's
>> routers would relay bc's across subnets sourced from random nitwit's
>> broken client/router? This is type "Boot Reply (2)" which should be
>> coming from the DHCP server back to the client?
>
>
> I'd be interested to see the packet.
>
> At least with ARPs you see all sorts of subnet leakage. Do a "tcpdump arp"
> some day and watch for stuff that doesn't belong, most of it comes from
> Shaw routers.
>
> Sean
>
> --
> Sean Walberg <sean at ertw.com> http://ertw.com/
>
More information about the Roundtable
mailing list