[RndTbl] Shaw DHCP weirdness or attack?

Colin Stanners cstanners at gmail.com
Wed Dec 5 13:20:28 CST 2012

My random guess is that their DHCP server is sending out DHCP packets
that are bigger (these days) than their routers are used to forwarding
for DHCP-relay. How big are the packets?

On 12/5/12, Sean Walberg <sean at ertw.com> wrote:
> On Wed, Dec 5, 2012 at 12:31 PM, Trevor Cordes <trevor at tecnopolis.ca>
> wrote:
>> Hmm, I'm not sure I follow... been up too long!  Not sure why Shaw's
>> routers would relay bc's across subnets sourced from random nitwit's
>> broken client/router?  This is type "Boot Reply (2)" which should be
>> coming from the DHCP server back to the client?
> I'd be interested to see the packet.
> At least with ARPs you see all sorts of subnet leakage. Do a "tcpdump arp"
> some day and watch for stuff that doesn't belong, most of it comes from
> Shaw routers.
> Sean
> --
> Sean Walberg <sean at ertw.com>    http://ertw.com/

More information about the Roundtable mailing list