
Friday night – B-lab

After a tough day at work I decided to indulge and attend the monthly meeting of the local B-Lab hackers club. We meet at Borders books downtown. It takes me right back to the days when I was a teenager, when all my phone hacker friends used to meet at a restaurant or bookstore and trade tools, secrets, equipment, etc.

Tonight we had a really good turnout.. maybe 8 of us.. Some of the guys told us about what they’d learned down at Shmoocon in DC last week. We then talked about various exploits and snoop attacks. Fun stuff. Many of the guys are in the IT security business.. some of the rest of us do it just for fun.. I’m a relative newb compared to most of the guys.

About an hour in we relocated to the new B-Lab space that some of the guys had set up.. It was my first time there. It’s basically a one room apartment in a large commercial building. One side of it is full of musical equipment.. that belongs to the room’s other tenant. The other side, our side.. has a growing collection of computers, routers, oscilloscopes, books, soldering irons, etc. A total geek man cave..

It was fun hanging out and listening to everyone.. I even learned a new exploit.. It’s called a DHCP tunnel.. it essentially lets you get out through a firewall by disguising your traffic as legal DHCP (i.e. directory lookup) queries.. It basically encapsulates your IP traffic inside the query and then reroutes the traffic to a fake port for you to use.. Once it was hooked up, you could SSH right through it.. you never knew you were using such a goofy and sneaky path. We used my laptop and my friend Dave’s to demonstrate it.. It was amazing to actually see it work…

If you think your system is secure.. best think again 🙂

nite all.. nite sam

-me

ps. please think of me at 11 tomorrow as we jump in Lake Champlain for Special Olympics. If you want to sponsor me, please check out http://www.firstgiving.com/fundraiser/john-cohn/2011-burlington-penguin-plunge