2 blogs talking about DHCP fingerprinting in 2 days, not bad. The 2nd one may have been inspired by the first since it links to it, but it also has a link to my BH briefing, so hey, I can't complain.
Meraki did the first one yesterday. (I love Google Alerts) I've tried to contact Hans about what they are doing (option55 data only, or more like I'm doing with the dhcp.xml file), so far I haven't heard anything back, but it was a Friday. We'll see if I get any response or not. If anyone has a POC for Meraki maybe check into it for me.
The second blog was from coova.org. They have a link to David and my Blackhat Presentation from 2007 for those that haven't looked at it before. He mentions a product CoovaRADIUS which I hadn't heard of before (nor had I heard of Meraki for that matter). It appears CoovaRADIUS can do dhcp fingerprinting via CoovaChilli. They appear to be using the packetfence data, so just option55 without taking into account if it is a Request/Discover/Offer/Inform/etc packet. May have to try to get a hold of the developer there too and see if they are interested in trying to use the dhcp.xml file. Always good to get more people using it, thereby expanding the database as more people have access to more devices.
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment