Forum: Ruby detect rogue DHCP server

Chris Henderson (Guest)
on 2009-03-17 12:18
(Received via mailing list)
I want to write a program to detect a rogue DHCP server on my (switched)
network. It would broadcast a "dummy" MAC address and see which DHCP
server responds. My idea is to send a DHCPDISCOVER packet and see
which DHCP server sends an ACK packet (but never acknowledge the ACK
and terminate the connection).

How do I go about writing this in Ruby?

Thanks for any suggestions.
Eleanor McHugh (Guest)
on 2009-03-17 13:19
(Received via mailing list)
On 17 Mar 2009, at 11:15, Chris Henderson wrote:
> I want to write a program to detect a rogue DHCP server on my (switched)
> network. It would broadcast a "dummy" MAC address and see which DHCP
> server responds. My idea is to send a DHCPDISCOVER packet and see
> which DHCP server sends an ACK packet (but never acknowledge the ACK
> and terminate the connection).
>
> How do I go about writing this in Ruby?
>
> Thanks for any suggestions.

First up grab a copy of RFC 2131 (assuming it's still current, this
isn't my area of expertise) and implement the protocol with Ruby's bit-
struct library (see the Camping presentation linked from my .sig for
some basic info on bit-struct). You'll want to use a raw socket for
sending the DHCPDISCOVER and there's some basic coverage of them in
the Pickaxe but if you're not familiar with network programming a copy
of Stevens' UNIX Networking Programming will come in handy.

In the presentation we also cover the use of libpcap for watching on-
the-wire traffic and that's probably the way to go for detecting the
ACK packet if you have the privileges to put your NIC in promiscuous
mode.

You'll also find a slew of network code of varying quality scattered
through the other linked presentations and some of that may give you
inspiration: the UDP client examples in the "Semantic DNS" and "Shoes"
presentations are particularly lightweight and should (with a big "I'm
guessing without writing the code myself" disclaimer) apply equally to
raw sockets.


Ellie

Eleanor McHugh
Games With Brains
http://slides.games-with-brains.net
----
raise ArgumentError unless @reality.responds_to? :reason
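
The probe outlined in the reply above, as an added Ruby example that is not code from any poster in this thread: it builds the RFC 2131 DHCPDISCOVER with `Array#pack` rather than bit-struct, parses replies, and lists responding servers that are not on an allowlist. Under RFC 2131 a server answers a DISCOVER with a DHCPOFFER, so that is the message type checked. The function names, xid, addresses and sample replies are constructed assumptions.

```ruby
MAGIC = 0x63825363           # DHCP magic cookie that precedes the options
BOOTP = "C4Nn2N4a16a64a128N" # fixed 240-byte BOOTP header plus cookie

# Build a DHCPDISCOVER for a 6-byte client MAC (binary string) and 32-bit xid.
def build_discover(mac, xid)
  hdr = [1, 1, 6, 0, xid, 0, 0x8000, 0, 0, 0, 0, mac, "", "", MAGIC].pack(BOOTP)
  hdr + [53, 1, 1, 255].pack("C*") # option 53 = DISCOVER (1), then END
end

# Walk the code/length/value options; stop at END or at a truncated option.
def parse_options(bytes)
  opts = {}
  i = 0
  while i < bytes.size && bytes[i] != 255
    if bytes[i].zero? then i += 1; next; end # PAD has no length byte
    len = bytes[i + 1]
    val = len && bytes[i + 2, len]
    break if val.nil? || val.size < len
    opts[bytes[i]] = val
    i += 2 + len
  end
  opts
end

# Return {xid:, type:, server:, offered:} for a BOOTREPLY, or nil if malformed.
def parse_reply(data)
  return nil if data.bytesize < 240
  op, xid, yiaddr, magic = data.unpack("Cx3Nx8Nx216N")
  return nil unless op == 2 && magic == MAGIC
  opts = parse_options(data.bytes.drop(240))
  { xid: xid, type: opts[53]&.first, server: opts[54]&.join("."),
    offered: [yiaddr].pack("N").unpack("C4").join(".") }
end

# Option-54 server IDs that sent an OFFER (type 2) for our xid, minus the allowlist.
def rogue_servers(datagrams, xid, allowed)
  offers = datagrams.map { |d| parse_reply(d) }.compact
  offers.select { |r| r[:xid] == xid && r[:type] == 2 && r[:server] }
        .map { |r| r[:server] }.uniq - allowed
end

# Constructed sample reply (not captured traffic): an OFFER sent by `server`.
def sample_offer(xid, server, yiaddr)
  ip = ->(s) { s.split(".").map(&:to_i).pack("C4").unpack1("N") }
  [2, 1, 6, 0, xid, 0, 0x8000, 0, ip[yiaddr], 0, 0, "", "", "", MAGIC].pack(BOOTP) +
    ([53, 1, 2, 54, 4] + server.split(".").map(&:to_i) + [255]).pack("C*")
end

offers = [sample_offer(7, "192.0.2.1", "192.0.2.50"), sample_offer(7, "192.0.2.99", "10.0.0.5")]
p rogue_servers(offers, 7, ["192.0.2.1"]) # allowlist is an assumed value
```

On a live network the packet would be broadcast from UDP port 68 to port 67 and every datagram received before a timeout passed to `rogue_servers`; binding port 68 normally needs elevated privileges.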
lists (Guest)
on 2009-03-17 14:53
(Received via mailing list)
On Mar 17, 2009, at 7:16 AM, Eleanor McHugh wrote:

> apply equally to raw sockets.
Ellie, you generously reference your slides pretty frequently.  Had
you ever given thought to fleshing out some of your ideas in a book or
downloadable pdf?
Eleanor McHugh (Guest)
on 2009-03-17 15:48
(Received via mailing list)
On 17 Mar 2009, at 13:50, lists wrote:
>> should (with a big "I'm guessing without writing the code myself"
>> disclaimer) apply equally to raw sockets.
>
> Ellie, you generously reference your slides pretty frequently.  Had
> you ever given thought to fleshing out some of your ideas in a book
> or downloadable pdf?

I'd love to if I can find the time to do it justice :)


Ellie

Eleanor McHugh
Games With Brains
http://slides.games-with-brains.net
----
raise ArgumentError unless @reality.responds_to? :reason
Joel VanderWerf (Guest)
on 2009-03-17 22:13
(Received via mailing list)
Eleanor McHugh wrote:
>
> First up grab a copy of RFC 2131 (assuming it's still current, this
> isn't my area of expertise) and implement the protocol with Ruby's
> bit-struct library (see the Camping presentation linked from my .sig for
> some basic info on bit-struct). You'll want to use a raw socket for
> sending the DHCPDISCOVER and there's some basic coverage of them in the
> Pickaxe but if you're not familiar with network programming a copy of
> Stevens' UNIX Networking Programming will come in handy.

FWIW, bit-struct includes a couple of raw socket examples.

http://redshift.sourceforge.net/bit-struct/