Since Scott didn't specifically say it, I will: Yes, DHCP can be exploited remotely. Network Management Systems are able to keep track of DHCP servers this way. Directed, or Unicast, UDP traffic should illicit similar response as the broadcast UDP traffic used by normal DHCP requests.
Scott Gifford <[EMAIL PROTECTED]> >Akop Pogosian <[EMAIL PROTECTED]> writes: > > >[...]> > >> My question is, is it possible for an attacker who comes from >> outside of the trusted subnets to which dhcp server connects >> directly to spoof the IP source address to look like 0.0.0.0 in >> order to run an exploit on dhcpd? If yes, how can I prevent this? > >Block it at your border router, along with other Martian packets. > >Blocking the DHCP ports at the router also isn't a half-bad idea.
