iTWire - Beware of rogue DHCP servers, warns Symantec

IT&T JOBS|Discussion forum|Technology Events|IT Education|

Today on iTWire IT News Telecommunications People Our Blogs Tech Lifestyle Releases Science Sustainability MyProfile Whitepapers

Daily ICT Newsletter FREE TRIAL

Follow the Australian Telecommunications scene NEWSLETTER- FREE TRIAL

Technology news and Jobs

Information Technology News

Beware of rogue DHCP servers, warns Symantec

Beware of rogue DHCP servers, warns Symantec

E-mail

by Stephen Withers
Monday, 08 December 2008
Computers on a LAN may be pharmed by rogue DHCP servers created by malware, leading to Internet traffic being diverted to bogus or otherwise malicious sites. A security vendor says attack code is in the wild. Featured Whitepaper 5 Best Practices for Smartphone Support DHCP is a mechanism commonly used to automatically assign IP addresses to computers and other devices on a local network. It also provides the client systems with the address of the DNS server(s) they should use. Using a malicious DNS server to divert traffic to malicious sites is known as pharming. A pharmed user may type a bank URL directly into the browser (as recommended by most financial institutions), but may end up on a fake site designed to capture login details to aid in making fraudulent transactions. According to Symantec, a Trojan it has dubbed Flush.M sets up a rogue DHCP server on the victim's PC. When other systems on the LAN make a DHCP request to receive or renew an IP address, Flush.M responds. If the requesting system receives Flush.M's response before that of the real DHCP server, it will start using the malicious DNS server(s) rather than those specified by the real network administrator. This can be done by infecting just one PC on the LAN, and it can potentially divert the traffic from any other device, regardless of its operating system. Furthermore, security software running on those other devices is unlikely to find anything wrong. Symantec suggests network administrators should watch for DHCP offers originating from addresses other than their DHCP servers, and that they monitor or block traffic to the IP address range 85.255.112.0 to 85.255.127.255, which includes known malicious DNS servers. Tags See All Tags DNS Malware Networking Security Stephen Withers Trojan Trojan Horse Trojans Powered By Joomla Tags Please enable JavaScript in your browser to post your comment!

< Next story in category		Previous story in the category >

Sponsored Releases

Open Text Deepens Integration with SAP® Solutions

As Christmas Nears, AVG (AU/NZ) Advises Shoppers How to Stay Safe Online

Progress Software Successfully Enables SaaS Deployment in the Cloud for Fifth Year

British Airways selects Progress Software SOA Solutions to upgrade the travel experience

...Promote your press-releases here

Latest jobs

	Visitors last 30 days	694,279
	Subscribers	15,210

#1 independent technology news advertise here

- Advertisement -

Featured Whitepapers

	5 Best Practices for Smartphone Support Worldwide shipments of smartphones reached a high of nearly 40 million units in the third quarter of 2008, helping to grow the category by 28% from the same quarter last year.
	Legacy Tools: Not For Today’s Helpdesk Why applications like RDP, VPNs and VNC may be costing you time, money and end-user satisfaction.

Today on iTWire

Follow iTWire on Twitter

About iTWire

iTWire is all about technology news, information, jobs and community for the IT and telecommunications industry professional. Subscribe to our free ICT daily newsletter

website free tracking