[ previous ] [ next ] [ threads ]
 From:  Chris Buechler <cbuechler at gmail dot com>
 Cc:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] mono wall 1.11 susceptible to dhcp dos attack
 Date:  Wed, 14 Sep 2005 15:46:15 -0400
On 9/14/05, Jared Cebada <JCebada at smwc dot edu> wrote:
> If to many dhcp leases are requested quickly, monowall will write the
> leases with out checking for a duplicate lease in the system. Till it
> fills its memory and cannot commit new leases. Thus no longer handing
> out dhcp leases creates a denial of serice (dos attack). Does anyone
> know if this is resolved in the new releases?? or where it comits the
> leases to, ram or hard drive

DHCP is probably the most DoS-susceptible service running on any
network.  Always very easy to take it out, if by nothing more than
spoofing a bunch of different MAC addresses and picking up leases on

The lease file will always be stored in RAM, as that's what m0n0wall
runs from and nothing on any drive is ever mounted r/w other than to
write out config changes from the GUI.

This is likely to be an isc-dhcpd bug, so I would upgrade to 1.2b10
which has an updated isc-dhcpd and see if if still happens, if you can
reliably replicate it.

m0n0wall was never intended to serve as a large-scale DHCP server, and
Manuel has stated in the past if you need to handle large loads or
need any options more than what's now in the GUI, you need a "real"
DHCP server.