Setting up a DHCP Server

posted onJune 28, 2000
by hitbsecnews

Hey kids! I'm back once again this time around to show you how you can
set up your own DHCP server at home! Well perhaps setting up a DHCP server
at home would be a total waste of time, so I guess this information would
be more well suited to those overworked *cough* system admins that need
more free time to surf the net downloading patches *cough* for their buggy
systems. (Then again, they'd probrably prefer to use that bandwidth downloading
porn but that's another story all together). Anyhow, why precisely would
you want to have a DHCP server anyways? Well ask yourself this question...
"How many times have you installed a new desktop or plugged a notebook
into your LAN only to find that you can't quite remember which IP address
are available?" I'm sure more times than you'd care to admit. Eitherways,
a DHCP server will end all your troubles *well with regards to remembering
available IP address anyhow*. Oh yes... I almost forgot... just incase
there are those of you out there that haven't a slightest idea what a
DHCP stands for it's Dynamic Host Configuration Protocol and thanks to
the folks from the Internet Software Consortium, you'll be able to plug
machines in and have them assigned IP address without any intervention
from you.

Alright,
lets get started. Here's what you're going to need :

1
x Linux server - This could be an old 486 which you have lying around
and isn't much use anymore apart from being a high-tech dust collector.

1
x network interface card - It doesn't have to be 100Mbps - 10Mbps
will be fine although if you think that your DHCP server is going to be
overworked, then by all means go ahead and get a 100Mbps NIC.

1
x DHCP server software - you can get this from the ISC
*yeah - the folks that maintain the DHCP server binary that runs on Linux*.
The package provides everything you'll need including the DHCP client,
server and relay. Which allows you to manage more than one network segment.

1
x exsisting network with clients - I think you can figure that one
out for yourself.

Before
you get all excited and stuff and go download the server and install it,
keep in mind that DHCP will only prove beneficial for those of you that
have a lot of mobile users - people with laptops that work in and out
of the office.

How it works

I
won't go into the intricacies of installing the package itself, although
you can expect a fair bit of work using your tar -xvzf command *so be
prepared* :)

When
the DHCP server starts up [dhcpd], it reads the global configuration parameters
from the /etc/dhcp.conf file, which includes information like the name
of the server, domain, and so forth. DHCP stores the list of addresses
in memory for each of the subnets it is serving. When a DCHP client starts,
it requests an address from the server. The server looks up an available
address and assigns it to the client. Though DHCP is most well known for
it's ability to assign dynamic IP address, it can be configured to assign
static ones as well.

The
leases for your clients *the amount of time a client is allowed to hold
on to an IP address* can be changed from the default of one day to any
specific time period. I wouldn't recommend changing this from the default
since most users will HAVE to leave your office thus turning off and taking
their laptops with them when they leave. The DHCP server keeps tracks
of the leases across reboots of the clients or server. This is accomplished
through the use of the dhcpd.leases file which is typically stored in
/var/state/dhcp. After the initial read of the dhcpd.conf file, the server
proceeds to read the leases file and determine the current active leases.

Keep
in mind though, that unlike other services you may have running, dhcpd
does not re-read it's configuration file while it's running. You'll have
to restart the service if you make any changes to your configuration file
before they are made available. That isn't very difficult - just run /etc/rc.d/init.d/dhcp
restart and you're done.

Configuring
the DHCP server

Configuration
of the dhcpd.conf file is very straightforward and is pretty similar to
that of mserver or samba for that matter. The global configuration is
perhaps the most important as it contains basic information pertaining
to your subnet. Following that are the configuration declarations for
all subnets accessible from the server - this is stated regardless of
whether they need DHCP services or not.

In
the simplest form, a DHCP configuration contains a subnet address, netmaks
and the range of IP addresses. In other words, you might have something
like this :

subnet 192.168.1.1
netmask 255.255.255.0
range 192.168.1.10 192.168.1.50;

This
entry would apply to a class C network segment (192.168.1.1). However
only the IP address from 192.168.1.10 to 192.168.1.50 are made available.
Please do note that each entry is followed by a semi colon (;). Hosts can also be configured using the hosts option followed by the host
name. In general the syntax for the dhcpd.conf file is : option
option-name option-type

If you
want to assign a static IP address to specific machines, you'll need
to pay close attention to the hardware option (which currently only
supports token-ring and ethernet). The syntax here is to list the
type of hardware, followed by the MAC address of the interface device.
For example you might have something like this :

host hackinthebox
hardware ethernet
00:42:07:55:F2:01;
fixed-address 192.168.1.22

This
would allow you to define that the host hackinthebox is
to be assigned a fixed IP address of 192.168.1.22. The reason
the system is able to assign the fixed address is due to
the fact that the MAC address of the interface card on the
host (hackinthebox in this case) is unique. In order to
save you the trouble of defining rules for each of your
systems in your subnet, you could group systems together
and assign the same settings to a collection of systems
- certainly saves you a lot of trouble. This also comes
in handy for specifying a certain options for all machines
within a certain subnet. The keyword used is the group
keyword. Here's an example :

group
default-lease-time 30000;
option routers 192.168.1.11;
host hackinthebox
hardware ethernet 00:43:01:52:F7:04;
default-lease-time 500000;
host hackinthebox1 hardware ethernet
00:49:01:52:F6:01;
host hackinthebox2 hardware ethernet
01:41:02:45:F1:11;

In
this section we see that the default lease time is almost
4 days and the router is the machine 192.168.1.11. This
definition will apply to all three hosts that we listed
(hackinthebox, hackinthebox1, and hackinthebox2). However
in the case of hackinthebox, we have set the default lease
time to 50000 but the router definition still applies. See
how this could come in handy? Especially when you need to
have just one host on your subnet treated differently?

Since
I am really damn tired right now and a lazy mofo to boot, I am going to break this article up into two parts. So next
month I'll talk to you about this really nifty GUI application
you can use to administer your DHCP server as well as talk
a little about security and few other things to keep in
mind. Peace.


- L33tdawg

1.)
OsReview
: Mandrake Linux 7.0 Deluxe -
L33tdawg

2.)
Setting up
a DHCP server (Part 1) -
L33tdawg

3.)
Basic
Networking Guide -
Haven

4.)
How
To HaX0r1z3 your Toaster -
[SANiTY]

5.)
INFOSEC:
Theoretical vs. Practical Security
- Silere Praeses

6.)
Hop Box
- A telephone relay proposal -
Silere Praeses

7.)
Crippling
Windows -
xearthed

Source

Tags

Intel

You May Also Like

Other Articles In This Section

Recent News

Friday, November 29th

North Korean hackers posing as IT workers steal over $1B in cyberattack
OpenAI is at war with its own Sora video testers following brief public leak
Found on VirusTotal: The world’s first UEFI bootkit for Linux

Tuesday, November 19th

CISA Director Jen Easterly, in Place Since 2021, to Step Down
Korea extradites Russian, Vietnamese suspects linked to $16M ransomware scheme
WhatsApp: NSO Group Operates Pegasus Spyware for Customers

Friday, November 8th

North Korean hackers target cryptocurrency with malware
Man sick of crashes sues Intel for allegedly hiding CPU defects
Law enforcement operation takes down 22,000 malicious IP addresses worldwide

Friday, November 1st

Youth of today say passwords are old news, passkeys are the future
Chinese attackers accessed Canadian government networks – for five years
OpenAI launches ChatGPT with Search, taking Google head-on
Here’s the paper no one read before declaring the demise of modern cryptography
Not just ChatGPT anymore: Perplexity and Anthropic’s Claude get desktop apps

Tuesday, July 9th

China's APT40 gang is ready to attack vulns within hours or days of public release
AI-Powered Super Soldiers Are More Than Just a Pipe Dream
The president ordered a board to probe a massive Russian cyberattack. It never did.
Massive car dealer ransom attack is mostly over after 2 weeks of work-arounds

Wednesday, July 3rd

“RegreSSHion” vulnerability in OpenSSH gives attackers root on Linux
Two of the German military’s new spy satellites appear to have failed in orbit

Friday, June 28th

Indonesian Airports, Data Centres Hit By Worst Cyberattack in Years
Cisco Talos warns of wider security implications following Snowflake breach

Thursday, June 27th

I Wore Meta Ray-Bans in Montreal to Test Their AI Translation Skills. It Did Not Go Well
Researchers upend AI status quo by eliminating matrix multiplication in LLMs
YouTube tries convincing record labels to license music for AI song generator
Critical MOVEit vulnerability puts huge swaths of the Internet at severe risk
Julian Assange to plead guilty but is going home after long extradition fight

Thursday, June 13th

Hackers show off jailbroken checkm8-vulnerable iPad and Apple TV running iPadOS 18 & tvOS 18 respectively
One of the major sellers of detailed driver behavioral data is shutting down
Turkish student creates custom AI device for cheating university exam, gets arrested

Wednesday, June 12th

Chinese-Made Biometric Access System Has 24 Vulnerabilities
Apple and OpenAI currently have the most misunderstood partnership in tech
Adobe to update vague AI terms after users threaten to cancel subscriptions
China state hackers infected 20,000 Fortinet VPNs

Tuesday, June 11th

Russia Is Targeting Germany With Fake Information as Europe Votes