Rogue DHCP - Is this possible to exploit?

repne · Apr 2, 2015, 8:11 PM

Perhaps a stupid question, but I guess it doesn't hurt to ask.

Suppose I have a pfSense router with a LAN interface that has a static IP address of 192.168.1.1/24, and the WebUI is accessible from this network. I also have a WAN interface that is configured as a DHCP client and gets its IP address from the ISP or the "parent" DHCP server. Now suppose the ISP decides for some strange reason to reset the connection and program its DHCP server to offer my router an IP address of 192.168.1.1 which is the same as the one on the LAN.

Does that make the WebUI accessible from the WAN?

doktornotor · Apr 2, 2015, 8:13 PM

Uhm. Having WAN and LAN on the same subnet will make your router completely broken…

Derelict · Apr 2, 2015, 9:25 PM

Don't use anything in the following ranges for local networks ever: 10.0.0.0/8, 192.168.0.0/24, 192.168.1.0/24. Adhering to this simple rule will reduce your likelihood of conflicting with someone else by like 99.9%.

johnpoz · Apr 2, 2015, 9:42 PM

No that does not make the webgui available via the wan.. Does not matter what IP you have on the wan.. Do you have a rule on your wan interface to allow access to 80/443 or whatever port you have your webgui listening on. If not then no it would not be available no matter what the IP was.

repne · Apr 4, 2015, 8:08 PM

Thanks. Also protected, if you have Block Bogon/Private networks enabled on WAN.