Customized DHCP servers for added security.
#1
Hey guys, not exactly a thread to do with the exploitation of networks, however it has to do with security of a more personal and 'blue team' kind of nature.

What I am trying to achieve is to have two network interfaces, say eth0 and eth1; eth0 connects to the DHCP server my router provides, but I want eth1 to connect to a DHCP server I set up locally.

DHCP servers are interesting from an OPSEC perspective. A lot of implementations allow the user to configure more than simple IP leases. 

My custom DHCP server would refer to a PAC/WPAD server that will provide a PAC script. A PAC script is a script for automating proxy management.

A typical PAC script might look like this. If you are familiar with JavaScript you might recognize the syntax.

Code:
function FindProxyForURL(url, host) {

    // If the hostname matches, send direct.
    if (dnsDomainIs(host, "intranet.domain.com") ||
        shExpMatch(host, "(*.abcdomain.com|abcdomain.com)"))
        return "DIRECT";

    // If the protocol or URL matches, send direct.
    if (url.substring(0, 4) == "ftp:" ||
        shExpMatch(url, "http://abcdomain.com/folder/*"))
        return "DIRECT";

    // If the requested website is hosted within the internal network, send direct.
    if (isPlainHostName(host) ||
        shExpMatch(host, "*.local") ||
        isInNet(dnsResolve(host), "10.0.0.0", "255.0.0.0") ||
        isInNet(dnsResolve(host), "172.16.0.0", "255.240.0.0") ||
        isInNet(dnsResolve(host), "192.168.0.0", "255.255.0.0") ||
        isInNet(dnsResolve(host), "127.0.0.0", "255.255.255.0"))
        return "DIRECT";

    // If the IP address of the local machine is within a defined
    // subnet, send to a specific proxy.
    if (isInNet(myIpAddress(), "10.10.5.0", "255.255.255.0"))
        return "PROXY 1.2.3.4:8080";

    // DEFAULT RULE: All other traffic, use below proxies, in fail-over order.
    return "PROXY 4.5.6.7:8080; PROXY 7.8.9.10:8080";
}

Now say I would want the PAC script to govern which web resources get connected to via a proxy, I would add an entry in my DHCP config file that refers to the server I set up to provide the PAC script. These entries might look like this.

Code:
option local-pac-server code 252 = text;
option local-pac-server "http://wpad.example.com:80/wpad.dat";

So far so good, I know how to configure a DHCP server. However, I am unsure as to how to set up an interface that uses the DHCP server I set up locally. I've been reading man pages and online resources since getting better at networking is really something I am quite keen on anyway. However, the answer still eludes me.

I am not a networking expert so I apologize in advance if the answer might seem obvious to you, but I would appreciate any help, insight or tips you may be able to provide with regards to this.


Thanks guys.


Messages In This Thread
Customized DHCP servers for added security. - by Vector - 03-25-2019, 07:18 PM
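
Added example, not part of the original post: a Node.js harness that runs the PAC rules quoted in the post against constructed URLs and a constructed DNS table before the file is served to clients. It reports the routing decision and every hostname the script resolves through `dnsResolve`, since those lookups are made by the client itself even when the request is then handed to a proxy. The helper implementations are simplified stand-ins for the browser-provided PAC functions, and `routeFor`, `SAMPLE_DNS` and the sample hostnames are assumptions made for this example.

```javascript
// Added example: offline harness for the PAC rules quoted in the post.
// Helper functions are simplified stand-ins for the browser-provided PAC API.
const PAC = `
function FindProxyForURL(url, host) {
  if (dnsDomainIs(host, "intranet.domain.com") ||
      shExpMatch(host, "(*.abcdomain.com|abcdomain.com)")) return "DIRECT";
  if (url.substring(0, 4) == "ftp:" ||
      shExpMatch(url, "http://abcdomain.com/folder/*")) return "DIRECT";
  if (isPlainHostName(host) || shExpMatch(host, "*.local") ||
      isInNet(dnsResolve(host), "10.0.0.0", "255.0.0.0") ||
      isInNet(dnsResolve(host), "172.16.0.0", "255.240.0.0") ||
      isInNet(dnsResolve(host), "192.168.0.0", "255.255.0.0") ||
      isInNet(dnsResolve(host), "127.0.0.0", "255.255.255.0")) return "DIRECT";
  if (isInNet(myIpAddress(), "10.10.5.0", "255.255.255.0")) return "PROXY 1.2.3.4:8080";
  return "PROXY 4.5.6.7:8080; PROXY 7.8.9.10:8080";
}`;

const ipToInt = ip => ip.split(".").reduce((n, o) => (n * 256 + Number(o)) >>> 0, 0);
const masked = (ip, mask) => (ipToInt(ip) & ipToInt(mask)) >>> 0;

// Constructed DNS answers so the harness never touches the network.
const SAMPLE_DNS = { "nas.example.net": "192.168.1.20", "www.example.org": "203.0.113.10" };

// Evaluate the PAC for one URL; also record every hostname the script resolves.
function routeFor(url, clientIp, dnsTable = SAMPLE_DNS) {
  const lookups = [];
  const env = {
    isPlainHostName: host => !host.includes("."),
    dnsDomainIs: (host, domain) => host.endsWith(domain),
    shExpMatch: (str, glob) => new RegExp("^" +
      glob.replace(/\./g, "\\.").replace(/\*/g, ".*").replace(/\?/g, ".") + "$").test(str),
    dnsResolve: host => { lookups.push(host); return dnsTable[host] || null; },
    isInNet: (ip, net, mask) => ip !== null && masked(ip, mask) === masked(net, mask),
    myIpAddress: () => clientIp,
  };
  const names = Object.keys(env);
  const find = new Function(...names, PAC + "\nreturn FindProxyForURL;")(...names.map(n => env[n]));
  return { route: find(url, new URL(url).hostname), lookups };
}

for (const u of ["http://www.example.org/", "http://nas.example.net/", "ftp://files.example.org/pub"]) {
  const { route, lookups } = routeFor(u, "10.10.5.23");
  console.log(u, "->", route, "| local DNS lookups:", lookups.length);
}
```

A public-looking name that resolves into a private range (here the constructed `nas.example.net`) is sent `DIRECT`, and a proxied host still costs four local DNS lookups with these rules.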
