Customized DHCP servers for added security.
Hey guys, not exactly a thread to do with the exploitation of networks; however, it has to do with security of a more personal and 'blue team' kind of nature.

What I am trying to achieve is to have two network interfaces, say eth0 and eth1. eth0 connects to the DHCP server my router provides, but I want eth1 to connect to a DHCP server I set up locally.

DHCP servers are interesting from an OPSEC perspective. A lot of implementations allow the user to configure more than simple IP leases. 

My custom DHCP server would refer to a PAC/WPAD server that will provide a PAC script. A PAC script is a script for automating proxy management.

A typical PAC script might look like this. If you are familiar with JavaScript you might recognize the syntax.

function FindProxyForURL(url, host) {

    // If the hostname matches, send direct.
    if (dnsDomainIs(host, "") ||
        shExpMatch(host, "(*|"))
        return "DIRECT";

    // If the protocol or URL matches, send direct.
    if (url.substring(0, 4)=="ftp:" ||
        shExpMatch(url, "*"))
        return "DIRECT";

    // If the requested website is hosted within the internal network, send direct.
    if (isPlainHostName(host) ||
        shExpMatch(host, "*.local") ||
        isInNet(dnsResolve(host), "", "") ||
        isInNet(dnsResolve(host), "", "") ||
        isInNet(dnsResolve(host), "", "") ||
        isInNet(dnsResolve(host), "", ""))
        return "DIRECT";

    // If the IP address of the local machine is within a defined
    // subnet, send to a specific proxy.
    if (isInNet(myIpAddress(), "", ""))
        return "PROXY";

    // DEFAULT RULE: All other traffic, use below proxies, in fail-over order.
    return "PROXY; PROXY";
}

Now say I want the PAC script to govern which web resources get connected to via a proxy. I would add an entry in my DHCP config file that refers to the server I set up to provide the PAC script. These entries might look like this.

option local-pac-server code 252 = text;
option local-pac-server "";

So far so good, I know how to configure a DHCP server. However, I am unsure as to how to set up an interface that uses the DHCP server I set up locally. I've been reading man pages and online resources, since getting better at networking is really something I am quite keen on anyway. However, the answer still eludes me.

I am not a networking expert, so I apologize in advance if the answer might seem obvious to you, but I would appreciate any help, insight or tips you may be able to provide with regards to this.

Thanks guys.
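
An offline test harness for a PAC file like the one in the post, as an added example that is not part of the original post: it stubs the browser's PAC helpers in Node.js so the routing rules can be checked before the file is published through DHCP option 252. The DNS table, subnets, client addresses and proxy names are constructed placeholders, and `route` and `lookups` are hypothetical names.

```javascript
// Offline harness for a PAC file. Every host, subnet and proxy address here
// is a constructed sample value, not taken from the post.
const DNS = { "intranet.corp.example": "10.1.2.3", "www.example.org": "203.0.113.10" };
const lookups = [];          // names the PAC made the client resolve locally
let clientIp = "0.0.0.0";    // value returned by myIpAddress(), set per call

// Dotted-quad IPv4 -> unsigned integer, or null for anything else.
function ipToInt(ip) {
  const p = String(ip).split(".");
  if (p.length !== 4 || !p.every(s => /^\d{1,3}$/.test(s) && +s <= 255)) return null;
  return p.reduce((acc, s) => acc * 256 + +s, 0);
}

// Minimal stand-ins for the browser-provided PAC helpers.
const isPlainHostName = host => !host.includes(".");
const myIpAddress = () => clientIp;
function dnsResolve(host) {
  if (ipToInt(host) !== null) return host;   // already an IP literal
  lookups.push(host);
  return DNS[host] || null;                  // null models a failed lookup
}
function shExpMatch(str, pat) {
  const re = pat.replace(/[.+^${}()|[\]\\]/g, "\\$&").replace(/\*/g, ".*").replace(/\?/g, ".");
  return new RegExp("^" + re + "$").test(str);
}
function isInNet(ip, net, mask) {
  const a = ipToInt(ip), n = ipToInt(net), m = ipToInt(mask);
  if (a === null || n === null || m === null) return false;
  return ((a & m) >>> 0) === ((n & m) >>> 0);
}

// PAC file under test, modelled on the script in the post (constructed values).
function FindProxyForURL(url, host) {
  if (url.substring(0, 4) === "ftp:") return "DIRECT";
  if (isPlainHostName(host) || shExpMatch(host, "*.local") ||
      isInNet(dnsResolve(host), "10.0.0.0", "255.0.0.0") ||
      isInNet(dnsResolve(host), "192.168.0.0", "255.255.0.0"))
    return "DIRECT";
  if (isInNet(myIpAddress(), "192.168.50.0", "255.255.255.0"))
    return "PROXY proxy1.example.internal:3128";
  return "PROXY proxy1.example.internal:3128; PROXY proxy2.example.internal:3128";
}

// Evaluate one URL as a client with the given address would.
function route(url, ip) {
  clientIp = ip;
  return FindProxyForURL(url, new URL(url).hostname);
}
```

Because `dnsResolve()` runs on the client, every name recorded in `lookups` was resolved locally before any proxy was chosen, and a name that fails to resolve falls through to the proxy rules rather than going direct.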

