    Concern Around Hackers Using DHCP Pool

IT Discussion
56 Posts 8 Posters 2.3k Views

• JaredBusch
  last edited by scottalanmiller

  This is a fork that looks weird: @Dashrender was concerned about having a guest network that used central DNS and DHCP services, so @JaredBusch asked why.

  Why make a VLAN?

  UniFi has native guest functionality, which I have never tried; does that not suffice?

• Dashrender @JaredBusch
  last edited by

  @JaredBusch said in Unifi switch - tagged traffic issues:

  Why make a VLAN?

  UniFi has native guest functionality, which I have never tried; does that not suffice?

  I have, but after a report I heard about last week where a university was brought to its knees by IoT devices that were on a separate network, but DNS was allowed to use the production DNS servers. The IoT devices were hacked; they were then making so many DNS requests that the production DNS servers started having load issues - after the network guys started looking into it, they realized that the IoT devices (5000+ devices: lamps, vending machines, etc.) were infected.

  They then realized that allowing the IoT network to use the production network was a bad call.

  OK, all that said - that's exactly how the Unifi Guest network works, except that I should mention that the Unifi Guest network also pulls IPs from the production LAN DHCP space, another possible cause for problems.

  I know these things because I did test it.

  As for the rest of VLANs, yeah, shut up and get off my lawn - legacy not removed yet.
  😉

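The university story above is a load problem that is visible in the DNS server's own query log long before the servers fall over. The following Python is an added example, not code from this thread or from any DNS product: it parses constructed dnsmasq-style query log lines, attributes query volume to an assumed address plan (10.10.0.0/16 as production and 10.50.0.0/16 as the "separate" IoT range, both invented), and flags the segment that dominates total volume or spikes above a per-second limit. The segment names, client addresses and hostnames are all assumptions made up for the example.

```python
"""Attribute DNS query load to network segments and flag the noisy one.

Added example for this thread, not code from the forum or from any DNS
product. It reads constructed dnsmasq-style query log lines and reports,
per segment, how many queries were seen, how many distinct clients sent
them, and the busiest single second.
"""
import re
from collections import Counter, defaultdict
from ipaddress import ip_address, ip_network

# Constructed sample lines in dnsmasq "log-queries" syslog form; the host,
# addresses and names are invented for the example.
SAMPLE_LOG = """\
Mar  3 09:00:00 dns1 dnsmasq[912]: query[A] intranet.example.local from 10.10.5.21
Mar  3 09:00:03 dns1 dnsmasq[912]: query[A] cdn.example.net from 10.10.5.40
Mar  3 09:00:05 dns1 dnsmasq[912]: query[A] lamp-telemetry.vendor.invalid from 10.50.2.11
Mar  3 09:00:05 dns1 dnsmasq[912]: query[A] lamp-telemetry.vendor.invalid from 10.50.2.12
Mar  3 09:00:05 dns1 dnsmasq[912]: query[A] lamp-telemetry.vendor.invalid from 10.50.2.13
Mar  3 09:00:05 dns1 dnsmasq[912]: query[A] lamp-telemetry.vendor.invalid from 10.50.2.14
Mar  3 09:00:06 dns1 dnsmasq[912]: query[A] lamp-telemetry.vendor.invalid from 10.50.2.11
Mar  3 09:00:06 dns1 dnsmasq[912]: query[A] lamp-telemetry.vendor.invalid from 10.50.2.15
Mar  3 09:00:06 dns1 dnsmasq[912]: query[A] lamp-telemetry.vendor.invalid from 10.50.2.16
Mar  3 09:00:06 dns1 dnsmasq[912]: query[A] lamp-telemetry.vendor.invalid from 10.50.2.12
Mar  3 09:00:07 dns1 dnsmasq[912]: query[A] mail.example.local from 10.10.5.21
Mar  3 09:00:07 dns1 dnsmasq[912]: query[A] lamp-telemetry.vendor.invalid from 10.50.2.17
Mar  3 09:00:07 dns1 dnsmasq[912]: query[A] lamp-telemetry.vendor.invalid from 10.50.2.11
Mar  3 09:00:12 dns1 dnsmasq[912]: query[AAAA] updates.example.net from 10.10.7.9
Mar  3 09:00:12 dns1 dnsmasq[912]: query[A] printer.example.local from 192.168.99.5
"""

# Assumed address plan: which ranges are production and which are "separate".
SEGMENTS = {
    "production": ip_network("10.10.0.0/16"),
    "iot": ip_network("10.50.0.0/16"),
}

LINE_RE = re.compile(
    r"^\w{3}\s+\d+ (?P<time>\d\d:\d\d:\d\d) \S+ dnsmasq\[\d+\]: "
    r"query\[(?P<qtype>\w+)\] (?P<qname>\S+) from (?P<client>\S+)$"
)


def parse_query_log(text):
    """Return (time, qtype, qname, client) tuples; lines that do not parse are skipped."""
    records = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            records.append((m["time"], m["qtype"], m["qname"], m["client"]))
    return records


def segment_of(client, segments):
    """Name the segment a client address belongs to, or 'other' if it matches none."""
    addr = ip_address(client)
    for name, net in segments.items():
        if addr in net:
            return name
    return "other"


def segment_stats(records, segments):
    """Per segment: total queries, distinct clients and the busiest one-second bucket."""
    queries = Counter()
    clients = defaultdict(set)
    per_second = defaultdict(Counter)
    for time, _qtype, _qname, client in records:
        seg = segment_of(client, segments)
        queries[seg] += 1
        clients[seg].add(client)
        per_second[seg][time] += 1
    return {
        seg: {
            "queries": queries[seg],
            "clients": len(clients[seg]),
            "peak_qps": max(per_second[seg].values()),
        }
        for seg in queries
    }


def flag_noisy_segments(stats, peak_qps_limit, min_share=0.5):
    """Segments that exceed the per-second limit or supply at least min_share of all queries."""
    total = sum(s["queries"] for s in stats.values())
    flagged = [
        seg for seg, s in stats.items()
        if s["peak_qps"] > peak_qps_limit or s["queries"] / total >= min_share
    ]
    return sorted(flagged)


if __name__ == "__main__":
    stats = segment_stats(parse_query_log(SAMPLE_LOG), SEGMENTS)
    for seg, s in sorted(stats.items()):
        print(f"{seg:11s} queries={s['queries']:3d} clients={s['clients']:2d} peak_qps={s['peak_qps']}")
    print("noisy:", flag_noisy_segments(stats, peak_qps_limit=3))
```

On the sample the IoT range contributes two thirds of all queries from seven distinct clients and peaks at four queries in one second, so it is the only segment flagged; the production range and the unplanned 192.168.99.5 client (bucketed as "other") stay quiet. The share test is what catches the slow-burn case, where no single second looks dramatic but a segment that should be carrying almost nothing is carrying most of the load.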
• scottalanmiller @Dashrender
  last edited by

  @Dashrender said in Unifi switch - tagged traffic issues:

  @JaredBusch said in Unifi switch - tagged traffic issues:

  Why make a VLAN?

  UniFi has native guest functionality, which I have never tried; does that not suffice?

  I have, but after a report I heard about last week where a university was brought to its knees by IoT devices that were on a separate network, but DNS was allowed to use the production DNS servers. The IoT devices were hacked; they were then making so many DNS requests that the production DNS servers started having load issues - after the network guys started looking into it, they realized that the IoT devices (5000+ devices: lamps, vending machines, etc.) were infected.

  They then realized that allowing the IoT network to use the production network was a bad call.

  OK, all that said - that's exactly how the Unifi Guest network works, except that I should mention that the Unifi Guest network also pulls IPs from the production LAN DHCP space, another possible cause for problems.

  I know these things because I did test it.

  As for the rest of VLANs, yeah, shut up and get off my lawn - legacy not removed yet.
  😉

  The issue there was putting unsecured IoT devices on their network. If you are doing that... stop.

• Dashrender
  last edited by

  Unifi's guest still uses all the production network services.

• stacksofplates @Dashrender
  last edited by

  @Dashrender said in Unifi switch - tagged traffic issues:

  Unifi's guest still uses all the production network services.

  I don't really see the issue. In terms of what you posted, just shut the guest network off then. You would essentially have to do the same thing if it was its own VLAN anyway.

• scottalanmiller @Dashrender
  last edited by

  @Dashrender said in Unifi switch - tagged traffic issues:

  Unifi's guest still uses all the production network services.

  What's the concern there?

• Mike Davis
  last edited by

  I think where @Dashrender is going is that if you use the Unifi guest service and it's using your production DHCP and DNS servers, and then those devices get hacked, they can take down your production DNS/DHCP servers. If they are on their own VLAN and using their own DHCP/DNS servers, you are mitigating some of that threat.

• Dashrender @Mike Davis
  last edited by

  @Mike-Davis said in Unifi switch - tagged traffic issues:

  I think where @Dashrender is going is that if you use the Unifi guest service and it's using your production DHCP and DNS servers, and then those devices get hacked, they can take down your production DNS/DHCP servers. If they are on their own VLAN and using their own DHCP/DNS servers, you are mitigating some of that threat.

  This exactly - and just to clarify a tiny bit - the bits getting hacked are the IoT/guest network devices, not DHCP/DNS.

• scottalanmiller @Dashrender
  last edited by

  @Dashrender said in Unifi switch - tagged traffic issues:

  @Mike-Davis said in Unifi switch - tagged traffic issues:

  I think where @Dashrender is going is that if you use the Unifi guest service and it's using your production DHCP and DNS servers, and then those devices get hacked, they can take down your production DNS/DHCP servers. If they are on their own VLAN and using their own DHCP/DNS servers, you are mitigating some of that threat.

  This exactly - and just to clarify a tiny bit - the bits getting hacked are the IoT/guest network devices, not DHCP/DNS.

  You think that your guests in the office are attacking your DNS and DHCP services? And you feel that your DNS and DHCP are that fragile to be a concern to that degree?

• Mike Davis @scottalanmiller
  last edited by

  @scottalanmiller said in Unifi switch - tagged traffic issues:

  You think that your guests in the office are attacking your DNS and DHCP services? And you feel that your DNS and DHCP are that fragile to be a concern to that degree?

  Conceptually, it wouldn't take much for a whole bunch of devices to request enough DHCP leases that it would prevent legit devices from obtaining a lease. If your guest wifi DHCP server is separate from your production subnet, you mitigate that threat.

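Whether or not the pool-drain scenario above is worth a separate VLAN, it is cheap to notice when it happens, because the DHCP server logs every address it hands out and every request it has to refuse. The following Python is an added example, not code from this thread or from ISC dhcpd: it parses constructed dhcpd-style syslog lines, counts how many distinct clients were given addresses inside a sliding window, tracks utilisation of an assumed eight-address pool, and counts "no free leases" refusals. The pool range, interface name, hostname and MAC addresses are all invented for the example.

```python
"""Watch a DHCP server log for signs that the address pool is being drained.

Added example for this thread, not code from the forum or from ISC dhcpd.
It parses constructed dhcpd-style syslog lines, counts distinct clients
handed addresses inside a sliding window, tracks utilisation of an assumed
pool, and counts "no free leases" refusals.
"""
import re
from ipaddress import ip_address

# Assumed pool: eight addresses, 10.10.20.51 through 10.10.20.58 (invented).
POOL = {str(ip_address("10.10.20.51") + i) for i in range(8)}

# Constructed sample: two regular clients in the morning, then a burst of
# unfamiliar clients that takes every remaining address within seconds,
# after which the server refuses a regular client too. All invented.
SAMPLE_LOG = """\
Mar  3 08:55:10 gw dhcpd[1402]: DHCPACK on 10.10.20.51 to 3c:22:fb:10:00:01 via eth1
Mar  3 08:57:42 gw dhcpd[1402]: DHCPACK on 10.10.20.52 to 3c:22:fb:10:00:02 via eth1
Mar  3 09:00:00 gw dhcpd[1402]: DHCPACK on 10.10.20.53 to 02:00:00:00:00:01 via eth1
Mar  3 09:00:01 gw dhcpd[1402]: DHCPACK on 10.10.20.54 to 02:00:00:00:00:02 via eth1
Mar  3 09:00:02 gw dhcpd[1402]: DHCPACK on 10.10.20.55 to 02:00:00:00:00:03 via eth1
Mar  3 09:00:03 gw dhcpd[1402]: DHCPACK on 10.10.20.56 to 02:00:00:00:00:04 via eth1
Mar  3 09:00:04 gw dhcpd[1402]: DHCPACK on 10.10.20.57 to 02:00:00:00:00:05 via eth1
Mar  3 09:00:05 gw dhcpd[1402]: DHCPACK on 10.10.20.58 to 02:00:00:00:00:06 via eth1
Mar  3 09:00:06 gw dhcpd[1402]: DHCPDISCOVER from 02:00:00:00:00:07 via eth1: network 10.10.20.0/24: no free leases
Mar  3 09:00:07 gw dhcpd[1402]: DHCPDISCOVER from 3c:22:fb:10:00:03 via eth1: network 10.10.20.0/24: no free leases
"""

PREFIX_RE = r"^\w{3}\s+\d+ (?P<time>\d\d:\d\d:\d\d) \S+ dhcpd\[\d+\]: "
ACK_RE = re.compile(PREFIX_RE + r"DHCPACK on (?P<ip>\S+) to (?P<mac>[0-9a-f:]{17}) via")
NOFREE_RE = re.compile(
    PREFIX_RE + r"DHCPDISCOVER from (?P<mac>[0-9a-f:]{17}) via \S+: network \S+: no free leases"
)


def _seconds(hms):
    """Seconds since midnight for an HH:MM:SS string."""
    h, m, s = (int(x) for x in hms.split(":"))
    return h * 3600 + m * 60 + s


def parse_dhcp_log(text):
    """Return events as dicts: {'t': seconds, 'kind': 'ack'|'nofree', 'mac': ..., 'ip': ...}."""
    events = []
    for line in text.splitlines():
        m = ACK_RE.match(line)
        if m:
            events.append({"t": _seconds(m["time"]), "kind": "ack", "mac": m["mac"], "ip": m["ip"]})
            continue
        m = NOFREE_RE.match(line)
        if m:
            events.append({"t": _seconds(m["time"]), "kind": "nofree", "mac": m["mac"], "ip": None})
    return events


def count_refusals(events):
    """Number of DISCOVERs the server could not answer for lack of a free address."""
    return sum(1 for e in events if e["kind"] == "nofree")


def peak_new_clients(events, window_seconds):
    """Most distinct MACs that received an ACK within any window_seconds span."""
    acks = sorted((e["t"], e["mac"]) for e in events if e["kind"] == "ack")
    peak = 0
    for i, (start, _mac) in enumerate(acks):
        macs = {mac for t, mac in acks[i:] if t - start <= window_seconds}
        peak = max(peak, len(macs))
    return peak


def pool_utilisation(events, pool):
    """Fraction of pool addresses that have been ACKed to some client."""
    used = {e["ip"] for e in events if e["kind"] == "ack" and e["ip"] in pool}
    return len(used) / len(pool)


def assess(events, pool, window_seconds=60, burst_limit=5, utilisation_limit=0.9):
    """Summarise the log; alert on a client burst, a near-full pool, or any refusal."""
    summary = {
        "distinct_clients_burst": peak_new_clients(events, window_seconds),
        "utilisation": pool_utilisation(events, pool),
        "refusals": count_refusals(events),
    }
    summary["alert"] = (
        summary["distinct_clients_burst"] > burst_limit
        or summary["utilisation"] >= utilisation_limit
        or summary["refusals"] > 0
    )
    return summary


if __name__ == "__main__":
    print(assess(parse_dhcp_log(SAMPLE_LOG), POOL))
```

The three signals are deliberately independent: the distinct-client burst fires while the pool is still filling, utilisation fires when it is nearly full regardless of how fast it got there, and a refusal means a real client has already gone without an address. Against a real server the thresholds would be set from the pool's normal daily churn rather than the toy values used here.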
• Dashrender @scottalanmiller
  last edited by

  @scottalanmiller said in Unifi switch - tagged traffic issues:

  @Dashrender said in Unifi switch - tagged traffic issues:

  @Mike-Davis said in Unifi switch - tagged traffic issues:

  I think where @Dashrender is going is that if you use the Unifi guest service and it's using your production DHCP and DNS servers, and then those devices get hacked, they can take down your production DNS/DHCP servers. If they are on their own VLAN and using their own DHCP/DNS servers, you are mitigating some of that threat.

  This exactly - and just to clarify a tiny bit - the bits getting hacked are the IoT/guest network devices, not DHCP/DNS.

  You think that your guests in the office are attacking your DNS and DHCP services? And you feel that your DNS and DHCP are that fragile to be a concern to that degree?

  You missed the whole point of the story I posted above. It's not about them being attacked per se; they weren't being attacked in my story above either - but they were being saturated by compromised things on what was believed to be a separated network.

  And I'll be happy to keep talking about this, but only if you split the thread. Thanks.

• scottalanmiller @Mike Davis
  last edited by

  @Mike-Davis said in Unifi switch - tagged traffic issues:

  @scottalanmiller said in Unifi switch - tagged traffic issues:

  You think that your guests in the office are attacking your DNS and DHCP services? And you feel that your DNS and DHCP are that fragile to be a concern to that degree?

  Conceptually, it wouldn't take much for a whole bunch of devices to request enough DHCP leases that it would prevent legit devices from obtaining a lease. If your guest wifi DHCP server is separate from your production subnet, you mitigate that threat.

  That's a pretty sad thing to have to worry about. This can't be a legitimate concern. That would do nothing. A denial of service that no one would even notice.

• scottalanmiller @Dashrender
  last edited by

  @Dashrender said in Unifi switch - tagged traffic issues:

  @scottalanmiller said in Unifi switch - tagged traffic issues:

  @Dashrender said in Unifi switch - tagged traffic issues:

  @Mike-Davis said in Unifi switch - tagged traffic issues:

  I think where @Dashrender is going is that if you use the Unifi guest service and it's using your production DHCP and DNS servers, and then those devices get hacked, they can take down your production DNS/DHCP servers. If they are on their own VLAN and using their own DHCP/DNS servers, you are mitigating some of that threat.

  This exactly - and just to clarify a tiny bit - the bits getting hacked are the IoT/guest network devices, not DHCP/DNS.

  You think that your guests in the office are attacking your DNS and DHCP services? And you feel that your DNS and DHCP are that fragile to be a concern to that degree?

  You missed the whole point of the story I posted above. It's not about them being attacked per se; they weren't being attacked in my story above either - but they were being saturated by compromised things on what was believed to be a separated network.

  And I'll be happy to keep talking about this, but only if you split the thread. Thanks.

  And.... so? What I don't get is... who cares? You are going to invest time and effort mitigating a completely non-threatening threat? Why?

• scottalanmiller
  last edited by

  This is a case of SMBs getting worked up over a real, but totally trivial, concern that just doesn't matter, and spending effort trying to mitigate something totally pointless when there is so much important stuff that could be done. Is it a threat? Yeah, sure. Does it matter if someone does this to you? No, not in the least. Not in your business, not in a normal business.

  Who would do this? It makes no sense.

• Dashrender @scottalanmiller
  last edited by Dashrender

  @scottalanmiller said in Unifi switch - tagged traffic issues:

  @Mike-Davis said in Unifi switch - tagged traffic issues:

  @scottalanmiller said in Unifi switch - tagged traffic issues:

  You think that your guests in the office are attacking your DNS and DHCP services? And you feel that your DNS and DHCP are that fragile to be a concern to that degree?

  Conceptually, it wouldn't take much for a whole bunch of devices to request enough DHCP leases that it would prevent legit devices from obtaining a lease. If your guest wifi DHCP server is separate from your production subnet, you mitigate that threat.

  That's a pretty sad thing to have to worry about. This can't be a legitimate concern. That would do nothing. A denial of service that no one would even notice.

  Actually, there is real potential for someone to notice in my current setup. I only have around 200 IPs in my current pool. Plus I have about 15 people who come in and out of the office legitimately. So if some hacker comes in and steals all of my open IPs, there won't be any left when any of those traveling folks return. And because the idea is to share this range with the public, which is changing nearly hourly, my leases would need to be very short so I don't run out - of course the short leases are helpful in this situation, but nothing stops someone from sitting on my network for a while continuously hogging IPs just to be a jerk.

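How short the leases need to be for a 200-address pool shared between 15 regulars and a public that changes nearly hourly is something that can be computed rather than guessed. The following Python is an added example, not code from this thread or from any DHCP server: it models a guest as holding an address from arrival until the lease expires (a lease can outlive the visit by up to one full lease time, because the client keeps renewing while present and normally leaves without sending a release), sweeps constructed visit intervals to find the peak number of addresses held, and searches for the longest lease that keeps that peak inside the pool. The arrival rate, dwell time and visit schedule are assumptions chosen for the example.

```python
"""Estimate how a guest DHCP pool fills for a given lease time.

Added example for this thread, not code from the forum or from any DHCP
server. A guest is modelled as holding an address from arrival until the
lease expires; because the client renews while present and usually leaves
without sending a release, the address can stay reserved for up to one
full lease time after the guest has gone.
"""


def peak_addresses(visits, lease_minutes, fixed_devices=0):
    """Peak simultaneous addresses held.

    visits: iterable of (arrive, depart) in minutes. Each visit holds an
    address over [arrive, depart + lease_minutes). fixed_devices counts
    regulars whose addresses are always held.
    """
    events = []
    for arrive, depart in visits:
        events.append((arrive, +1))
        events.append((depart + lease_minutes, -1))
    # At equal times the tuple sort puts releases (-1) before arrivals (+1),
    # so an address freed at that instant can be reused by the arriving client.
    events.sort()
    held = peak = 0
    for _t, delta in events:
        held += delta
        peak = max(peak, held)
    return peak + fixed_devices


def longest_safe_lease(visits, pool_size, fixed_devices=0, step_minutes=5, max_minutes=24 * 60):
    """Longest lease (a multiple of step_minutes) whose peak fits the pool, or None."""
    best = None
    lease = step_minutes
    while lease <= max_minutes:
        if peak_addresses(visits, lease, fixed_devices) > pool_size:
            break  # the peak only grows with lease time, so no longer lease can fit
        best = lease
        lease += step_minutes
    return best


def steady_state_estimate(arrivals_per_hour, dwell_minutes, lease_minutes, fixed_devices=0):
    """Little's-law estimate: mean concurrent holders = arrival rate x (dwell + lease)."""
    return fixed_devices + arrivals_per_hour * (dwell_minutes + lease_minutes) / 60.0


def synthetic_visits(arrivals_per_hour, dwell_minutes, hours):
    """Constructed schedule: evenly spaced arrivals, each staying dwell_minutes."""
    gap = 60.0 / arrivals_per_hour
    count = int(arrivals_per_hour * hours)
    return [(i * gap, i * gap + dwell_minutes) for i in range(count)]


if __name__ == "__main__":
    # Assumed scenario: 30 guests an hour, 45-minute visits, an 8-hour day,
    # 15 regulars and a 200-address pool.
    visits = synthetic_visits(30, 45, 8)
    for lease in (15, 60, 240):
        print(f"lease {lease:3d} min -> peak {peak_addresses(visits, lease, 15)} "
              f"(estimate {steady_state_estimate(30, 45, lease, 15):.1f})")
    print("longest lease fitting 200 addresses:", longest_safe_lease(visits, 200, 15), "min")
```

Under the assumed schedule a one-hour lease peaks at 68 addresses, comfortably inside 200, and the pool only becomes the limit once leases approach five and a half hours. The interval sweep is the general form of the Little's-law estimate: the estimate is a one-line average, while the sweep works on any visit log, including real lease-file timestamps, and reports the actual peak rather than the mean.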
• scottalanmiller @Dashrender
  last edited by

  @Dashrender said in Unifi switch - tagged traffic issues:

  @scottalanmiller said in Unifi switch - tagged traffic issues:

  @Mike-Davis said in Unifi switch - tagged traffic issues:

  @scottalanmiller said in Unifi switch - tagged traffic issues:

  You think that your guests in the office are attacking your DNS and DHCP services? And you feel that your DNS and DHCP are that fragile to be a concern to that degree?

  Conceptually, it wouldn't take much for a whole bunch of devices to request enough DHCP leases that it would prevent legit devices from obtaining a lease. If your guest wifi DHCP server is separate from your production subnet, you mitigate that threat.

  That's a pretty sad thing to have to worry about. This can't be a legitimate concern. That would do nothing. A denial of service that no one would even notice.

  Actually, there is real potential for someone to notice in my current setup. I only have around 200 IPs in my current pool. Plus I have about 15 people who come in and out of the office legitimately. So if some hacker comes in and steals all of my open IPs, there won't be any left when any of those traveling folks return. And because the idea is to share this range with the public, which is changing nearly hourly, my leases would need to be very short so I don't run out - of course the short leases are helpful in this situation, but nothing stops someone from sitting on my network for a while continuously hogging IPs just to be a jerk.

  This is exactly what I mean. That makes zero sense. And don't call someone taking your IPs a hacker, but that highlights how silly this is. Taking your IPs does effectively nothing to you. It can only be done by someone sitting in your office, it gains them nothing, puts you at no risk, and all it does is inconvenience you by needing to release the leases. Whoop-tee-do. Threat level: zero.

• brianlittlejohn @scottalanmiller
  last edited by

  @scottalanmiller said in Concern Around Hackers Using DHCP Pool:

  @Dashrender said in Unifi switch - tagged traffic issues:

  Unifi's guest still uses all the production network services.

  What's the concern there?

  Licensing could be an issue if you are running Windows DHCP/DNS.

• dafyre
  last edited by dafyre

  @scottalanmiller said:

  Threat level: zero.

  Incoming Phone Call From Agitated Employee Level: 15

  If some device (IoT device, malicious employee, etc.) is sitting on his network grabbing every IP address they can, that eventually becomes a denial of service attack. While "only" an inconvenience to him and the employee(s) / devices that have to wait on a valid IP address, it still leads to phone calls and agitated users.

  If the only cost is my time, I'll choose mitigation every time. Although I agree with your assessment that if you're using a known insecure IoT device on your network, get it off!

• scottalanmiller @brianlittlejohn
  last edited by

  @brianlittlejohn said in Concern Around Hackers Using DHCP Pool:

  @scottalanmiller said in Concern Around Hackers Using DHCP Pool:

  @Dashrender said in Unifi switch - tagged traffic issues:

  Unifi's guest still uses all the production network services.

  What's the concern there?

  Licensing could be an issue if you are running Windows DHCP/DNS.

  That was covered in the other thread and makes sense. But doesn't address the "hacking" concern.

• brianlittlejohn @scottalanmiller
  last edited by

  @scottalanmiller said in Concern Around Hackers Using DHCP Pool:

  @brianlittlejohn said in Concern Around Hackers Using DHCP Pool:

  @scottalanmiller said in Concern Around Hackers Using DHCP Pool:

  @Dashrender said in Unifi switch - tagged traffic issues:

  Unifi's guest still uses all the production network services.

  What's the concern there?

  Licensing could be an issue if you are running Windows DHCP/DNS.

  That was covered in the other thread and makes sense. But doesn't address the "hacking" concern.

  Didn't see the other thread.