Package: isc-dhcp-client
Version: 4.3.1-6+deb8u2
Severity: serious
File: /sbin/dhclient
Tags: security

https://samy.pl/poisontap/

This is a variation on an ancient "gem" by a DSL modem vendor where the router pretends to be the entire internet by spoofing ARP so that it captures all traffic.

The best way to deal with this is to set an upper limit on the size of acceptable netmask in /etc/default/isc-dhcp-client and verify it in a hook (which can be Debian-specific).

This way a DHCP reply of 0.0.0.0/0 or anything larger than a class A will raise a security alert instead of blindly exposing the machine to a spoofing attack.

-- System Information:
Debian Release: 8.6
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 3.16.0-4-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_GB.utf8, LC_CTYPE=en_GB.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages isc-dhcp-client depends on:
ii  debianutils       4.4+b1
ii  iproute2          3.16.0-2
ii  isc-dhcp-common   4.3.1-6+deb8u2
ii  libc6             2.19-18+deb8u6
ii  libdns-export100  1:9.9.5.dfsg-9+deb8u7
ii  libirs-export91   1:9.9.5.dfsg-9+deb8u7
ii  libisc-export95   1:9.9.5.dfsg-9+deb8u7

isc-dhcp-client recommends no packages.

Versions of packages isc-dhcp-client suggests:
pn  avahi-autoipd  <none>
pn  resolvconf     <none>

-- no debconf information
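
A sketch of the netmask check proposed in the report above, written as a dhclient enter hook. It is an added example, not part of the original report or of the isc-dhcp-client package. The hook file name, the `MIN_PREFIX_LEN` setting and the syslog tag are assumptions; `reason`, `new_subnet_mask`, `interface` and `exit_status` are the variables documented in dhclient-script(8).

```shell
# Hypothetical hook, e.g. /etc/dhcp/dhclient-enter-hooks.d/netmask-limit.
# MIN_PREFIX_LEN is an assumed setting name; 8 = nothing larger than a class A.
if [ -r /etc/default/isc-dhcp-client ]; then . /etc/default/isc-dhcp-client; fi
MIN_PREFIX_LEN="${MIN_PREFIX_LEN:-8}"

# Print the prefix length of a dotted-quad netmask.
# Returns 1 if the mask is malformed or its 1-bits are not contiguous.
mask_to_prefix() {
    mask=$1 len=0 seen_short=0
    case "$mask" in
        ""|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $mask
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        case "$octet" in
            255) bits=8 ;; 254) bits=7 ;; 252) bits=6 ;; 248) bits=5 ;;
            240) bits=4 ;; 224) bits=3 ;; 192) bits=2 ;; 128) bits=1 ;;
            0)   bits=0 ;;
            *)   return 1 ;;
        esac
        # Once an octet is not 255, every later octet must be 0.
        if [ "$seen_short" -eq 1 ] && [ "$bits" -ne 0 ]; then return 1; fi
        [ "$bits" -eq 8 ] || seen_short=1
        len=$((len + bits))
    done
    echo "$len"
}

# Return 0 if the offered netmask is acceptable; otherwise log an alert, return 1.
# An unparsable mask is treated as prefix -1, so it is always refused.
check_lease_mask() {
    lease_prefix=$(mask_to_prefix "$1") || lease_prefix=-1
    if [ "$lease_prefix" -lt "$MIN_PREFIX_LEN" ]; then
        logger -p auth.alert -t dhclient-netmask \
            "refusing DHCP netmask '$1' on ${interface:-unknown}" 2>/dev/null || :
        return 1
    fi
    return 0
}

# Only the reasons that carry a new lease are checked.
case "${reason:-}" in
    BOUND|RENEW|REBIND|REBOOT)
        check_lease_mask "${new_subnet_mask:-}" || exit_status=1 ;;
esac
```

Whether a non-zero `exit_status` makes the client drop the lease depends on the dhclient-script version in use, so check that behaviour on the target system before relying on the hook for enforcement rather than alerting.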