From owner-freebsd-security Thu Sep 27 10:53:16 2001 Delivered-To: freebsd-security@freebsd.org Received: from lariat.org (lariat.org [12.23.109.2]) by hub.freebsd.org (Postfix) with ESMTP id 43DC737B50C for ; Thu, 27 Sep 2001 10:53:11 -0700 (PDT) Received: from mustang.lariat.org (IDENT:ppp0.lariat.org@lariat.org [12.23.109.2]) by lariat.org (8.9.3/8.9.3) with ESMTP id LAA16147; Thu, 27 Sep 2001 11:52:50 -0600 (MDT) Message-Id: <4.3.2.7.2.20010927114815.00d12100@localhost> X-Sender: brett@localhost X-Mailer: QUALCOMM Windows Eudora Version 4.3.2 Date: Thu, 27 Sep 2001 11:52:42 -0600 To: "WebSec WebSec" , fabre@matranet.com From: Brett Glass Subject: Re: LaBrea for BSD? Cc: will@physics.purdue.edu, security@FreeBSD.ORG In-Reply-To: Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org This could worm but would require some hooks in the ISC DHCP server code. There'd still be a problem, though, if you were using fixed IPs and no DHCP. Here's the scenario: You turn off your workstation; the tarpit claims its address; you come in next morning and turn it on; your workstation reports that it is kicking itself off the network because it has ARPed its IP address and found it in use by someone else. (Windows machines with fixed IPs always do this; other operating systems might as well.) --Brett At 11:43 AM 9/27/2001, WebSec WebSec wrote: >Here is an idea, > >How about LaBrea for BSD (installed on a DHCP Server) automatically takes all IPs and releases them as clients request those IPs? > >Another idea is that LaBrea server installed on DHCP "informs" LaBrea clients which IPs to emulate.... > > > >Serg Perfi - YDAP security consulting group To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message