dhcp.dhcp_build lease_time set to 1 second #2197

Closed
parinioa opened this issue Dec 3, 2020 · 1 comment
parinioa commented Dec 3, 2020

The broadcast-dhcp-discover.nse tends to return very low lease times from DHCP servers.

dhcpd3 (configured default lease time 86400s)

| broadcast-dhcp-discover:
|   Response 1 of 1:
|     IP Offered: 10.1.1.192
|     DHCP Message Type: DHCPOFFER
|     Server Identifier: 10.1.1.1
|     IP Address Lease Time: 5m00s
|     Subnet Mask: 255.255.255.0
|     Router: 10.1.1.1
|     Time Server: 10.1.1.9
|     Domain Name Server: 10.1.1.9, 10.1.3.3
|     NTP Servers: 10.1.1.9
|     Renewal Time Value: 2m30s
|_    Rebinding Time Value: 4m22s

Windows Server 2016 (configured default lease time 8 days)

| broadcast-dhcp-discover:
|   Response 1 of 1:
|     IP Offered: 10.1.1.90
|     DHCP Message Type: DHCPOFFER
|     Subnet Mask: 255.255.255.0
|     Renewal Time Value: 0s
|     Rebinding Time Value: 0s
|     IP Address Lease Time: 1s
|_    Server Identifier: 10.1.1.126

Sometimes Windows ignores the requested lease time.
Windows Server 2016 (configured default lease time 8 days)

| broadcast-dhcp-discover:
|   Response 1 of 1:
|     IP Offered: 10.1.1.90
|     DHCP Message Type: DHCPOFFER
|     Subnet Mask: 255.255.255.0
|     Renewal Time Value: 4d00h00m00s
|     Rebinding Time Value: 7d00h00m00s
|     IP Address Lease Time: 8d00h00m00s
|_    Server Identifier: 10.1.1.126

dhcp.dhcp_build crafts a DHCPREQUEST packet that requests a 1 second lease time. If this line is commented out, the request does not specify the lease and the server-configured default lease is sent in the DHCPOFFER reply:
packet = packet .. string.pack(">BBI4", 0x33, 4, lease_time or 1) -- Lease time


nnposter commented Dec 4, 2020

Thank you for pointing out the issue. Besides this one, the library behavior was also resulting in non-compliance with RFC 2131, which disallows option 51 in DHCPINFORM packets. In r38152, dhcp.dhcp_build has been changed to add option 51 only when the lease time parameter is not nil.
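
The behaviour discussed in this thread, as an added example that is not the Nmap dhcp library's code and not written by either commenter: a Lua 5.3 options builder that emits option 51 only when a lease time is given, plus a parser that reports what a built options field actually requests. The names `build_options`, `parse_options` and `requested_lease`, and the extra DHCPINFORM guard, are assumptions of this example.

```lua
-- Added illustration (Lua 5.3+); not the Nmap dhcp library's code.
-- build_options, parse_options and requested_lease are hypothetical names.
local DHCPDISCOVER, DHCPINFORM = 1, 8        -- option 53 message types

-- Build the options field. Option 51 is added only when a lease time is
-- supplied; the DHCPINFORM guard is an extra check assumed by this example.
local function build_options(msg_type, lease_time)
  local opts = string.pack(">BBB", 0x35, 1, msg_type)         -- option 53
  if lease_time ~= nil and msg_type ~= DHCPINFORM then
    opts = opts .. string.pack(">BBI4", 0x33, 4, lease_time)  -- option 51
  end
  return opts .. string.pack(">B", 0xFF)                      -- end option
end

-- Walk the code/length/value options; return a table of code -> raw value.
local function parse_options(data)
  local found, pos = {}, 1
  while pos <= #data do
    local code = string.unpack(">B", data, pos)
    pos = pos + 1
    if code == 0xFF then break end           -- end option stops the walk
    if code ~= 0x00 then                     -- pad option has no length byte
      if pos > #data then return nil, "truncated option " .. code end
      local len = string.unpack(">B", data, pos)
      pos = pos + 1
      if pos + len - 1 > #data then return nil, "truncated option " .. code end
      found[code] = data:sub(pos, pos + len - 1)
      pos = pos + len
    end
  end
  return found
end

-- Requested lease time in seconds, or nil when option 51 is absent.
local function requested_lease(data)
  local opts, err = parse_options(data)
  if not opts then return nil, err end
  local raw = opts[0x33]
  if raw and #raw == 4 then return (string.unpack(">I4", raw)) end
  return nil
end

-- Constructed cases: explicit 1 s request, no request, and DHCPINFORM.
assert(requested_lease(build_options(DHCPDISCOVER, 1)) == 1)
assert(requested_lease(build_options(DHCPDISCOVER, nil)) == nil)
assert(requested_lease(build_options(DHCPINFORM, 3600)) == nil)
print("option 51 emitted only when a lease time is requested")
```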

@nmap nmap deleted a comment Apr 11, 2022