Concern Around Hackers Using DHCP Pool
-
@Dashrender said in Concern Around Hackers Using DHCP Pool:
@scottalanmiller said in Concern Around Hackers Using DHCP Pool:
@dafyre said in Concern Around Hackers Using DHCP Pool:
If the only cost is my time, I'll choose mitigation every time. Although I agree with your assessment that if you're using a known insecure IOT device on your network, get it off!
So you'd like to waste your time mitigating a threat that is a million to one would ever happen and has effectively no penalty even if it does happen?
This is the "shoot yourself in the face today to avoid a headache tomorrow" problem. More effort to prevent something than if the thing actually happened - and a thing that has no real world chance of happening.
Actually, that's completely false. This has happened to me. We lease space in another doctors office. They ran out of IPs. Their own IT person didn't figure this out... I had to go out there and show them that my devices weren't getting an IP. He looked - oh yeah.. OK I'll fix it.
And whatever his fix was, it didn't fix it, because it happened again the following week.
And it was an attack? Or just shared DHCP space with someone who didn't know what he was doing? I never said you'd never run out of addresses. I said that the attack you are preparing to defend against will never happen. Your example is very different.
-
I will grant you that the attack is extremely unlikely either against DNS or DHCP, but considering it takes seconds to setup, I don't see the harm in it either. Coupled with the already stated fact of the Windows licensing makes it a requirement in my case since I don't want to setup completely separate APs for guest access.
-
@Dashrender said in Concern Around Hackers Using DHCP Pool:
I will grant you that the attack is extremely unlikely either against DNS or DHCP, but considering it takes seconds to setup, I don't see the harm in it either. Coupled with the already stated fact of the Windows licensing makes it a requirement in my case since I don't want to setup completely separate APs for guest access.
Takes seconds? You are having nothing but issues because of wanting a VLAN.
-
@JaredBusch said in Concern Around Hackers Using DHCP Pool:
@Dashrender said in Concern Around Hackers Using DHCP Pool:
I will grant you that the attack is extremely unlikely either against DNS or DHCP, but considering it takes seconds to setup, I don't see the harm in it either. Coupled with the already stated fact of the Windows licensing makes it a requirement in my case since I don't want to setup completely separate APs for guest access.
Takes seconds? You are having nothing but issues because of wanting a VLAN.
Thanks - it's true I have a current issue, that's related to VLANs - but this guest network is not one of them. That was installed and working in only seconds longer than it would have taken if I didn't have a VLAN. my current issues are around a legacy network.
-
@Dashrender said in Concern Around Hackers Using DHCP Pool:
@JaredBusch said in Concern Around Hackers Using DHCP Pool:
@Dashrender said in Concern Around Hackers Using DHCP Pool:
I will grant you that the attack is extremely unlikely either against DNS or DHCP, but considering it takes seconds to setup, I don't see the harm in it either. Coupled with the already stated fact of the Windows licensing makes it a requirement in my case since I don't want to setup completely separate APs for guest access.
Takes seconds? You are having nothing but issues because of wanting a VLAN.
Thanks - it's true I have a current issue, that's related to VLANs - but this guest network is not one of them. That was installed and working in only seconds longer than it would have taken if I didn't have a VLAN. my current issues are around a legacy network.
https://mangolassi.it/topic/12645/unifi-switch-tagged-traffic-issues
Wasn't this thread started because you couldn't get it to work?
-
@Dashrender said in Concern Around Hackers Using DHCP Pool:
I will grant you that the attack is extremely unlikely either against DNS or DHCP, but considering it takes seconds to setup, I don't see the harm in it either. Coupled with the already stated fact of the Windows licensing makes it a requirement in my case since I don't want to setup completely separate APs for guest access.
If it only took seconds, took nothing to maintain, added no complexity to the network and was just as easy to hand over to someone else, then I'd agree.
-
@stacksofplates said in Concern Around Hackers Using DHCP Pool:
@Dashrender said in Concern Around Hackers Using DHCP Pool:
@JaredBusch said in Concern Around Hackers Using DHCP Pool:
@Dashrender said in Concern Around Hackers Using DHCP Pool:
I will grant you that the attack is extremely unlikely either against DNS or DHCP, but considering it takes seconds to setup, I don't see the harm in it either. Coupled with the already stated fact of the Windows licensing makes it a requirement in my case since I don't want to setup completely separate APs for guest access.
Takes seconds? You are having nothing but issues because of wanting a VLAN.
Thanks - it's true I have a current issue, that's related to VLANs - but this guest network is not one of them. That was installed and working in only seconds longer than it would have taken if I didn't have a VLAN. my current issues are around a legacy network.
https://mangolassi.it/topic/12645/unifi-switch-tagged-traffic-issues
Wasn't this thread started because you couldn't get it to work?
No, that thread - where I am still having problems - is because I can't get my phones to work on their designated VLAN - has nothing to do with Guest access.
-
@Dashrender said in Concern Around Hackers Using DHCP Pool:
@stacksofplates said in Concern Around Hackers Using DHCP Pool:
@Dashrender said in Concern Around Hackers Using DHCP Pool:
@JaredBusch said in Concern Around Hackers Using DHCP Pool:
@Dashrender said in Concern Around Hackers Using DHCP Pool:
I will grant you that the attack is extremely unlikely either against DNS or DHCP, but considering it takes seconds to setup, I don't see the harm in it either. Coupled with the already stated fact of the Windows licensing makes it a requirement in my case since I don't want to setup completely separate APs for guest access.
Takes seconds? You are having nothing but issues because of wanting a VLAN.
Thanks - it's true I have a current issue, that's related to VLANs - but this guest network is not one of them. That was installed and working in only seconds longer than it would have taken if I didn't have a VLAN. my current issues are around a legacy network.
https://mangolassi.it/topic/12645/unifi-switch-tagged-traffic-issues
Wasn't this thread started because you couldn't get it to work?
No, that thread - where I am still having problems - is because I can't get my phones to work on their designated VLAN - has nothing to do with Guest access.
Ah ok. I just have a hard time believing you set up firewall ACLs and switch interfaces in a few seconds.
-
The title of this thread was also not my intention in this off shoot discussion.
The purpose was to show that using corporate resources could lead to problems on the corporate network.
In the case of the college, their dedicated IOT network was using DNS from their corporate network. This IOT network was dedicated for college resources - like vending machines and street lights, etc. Over 5000 devices.My intention was more about how an infection on a guest network with access to corporate resources, COULD effect those resources, and as such, simple mitigations could solve this issue.
-
@Dashrender said in Concern Around Hackers Using DHCP Pool:
The title of this thread was also not my intention in this off shoot discussion.
The purpose was to show that using corporate resources could lead to problems on the corporate network.
In the case of the college, their dedicated IOT network was using DNS from their corporate network. This IOT network was dedicated for college resources - like vending machines and street lights, etc. Over 5000 devices.My intention was more about how an infection on a guest network with access to corporate resources, COULD effect those resources, and as such, simple mitigations could solve this issue.
Well you brought it up in the context of a small medical office and that's what we were responding to. This thread started specifically about that and it was @JaredBusch that started it. So that IoT stuff is out of scope. You could have ANOTHER thread about IoT dangers, but that's unrelated to what Jared and I were discussing with you.
-
@Dashrender said in Concern Around Hackers Using DHCP Pool:
In the case of the college, their dedicated IOT network was using DNS from their corporate network.
Then it wasn't dedicated
-
@scottalanmiller said in Concern Around Hackers Using DHCP Pool:
@Dashrender said in Concern Around Hackers Using DHCP Pool:
In the case of the college, their dedicated IOT network was using DNS from their corporate network.
Then it wasn't dedicated
No, clearly it wasn't dedicated.
