Home > IT Answers > Security > Hacking and sabotaging
Help

Question

  Asked: Apr 9 2008   9:04 PM GMT
  Asked by: Trapdoor3

Hacking and sabotaging


Hacking, Security, Network security

Recently I have noticed that my computer will randomly loose connection to the network. Today it happened three times, when I looked in the event viewer this is what I found:

`The DHCP Client service was successfully sent a stop control.`

This done by another user in my office and on my network.

Does this mean that this person is hacking into my system and remotely cutting off my network connections?

Subscribe to Alerts! Get questions and answers delivered to your Inbox.


E-mail me updates on this question



   SUBSCRIBE

hidden modal window
Help

Answer Wiki (Improve, edit or add to this answer)

IMPROVE THIS ANSWER
View History
 RATE THIS ANSWER
+1
Click to Vote:
  •   1
  •  0
Last Answered: Jun 18 2008  8:45 AM GMT  by Srkey


Latest Contributors: Labnuke99, The Geek


====================
Original answer by Labnuke99 that seems to have been somehow overwritten

Stopping the DHCP client service by itself should not disconnect your device from the network. However, if that person's login has the appropriate authority through their user credentials (local or domain administrator) they could easily shutdown any or all services on your computer. DHCP is used to request/register IP addresses for client devices. A device typically keeps its assigned IP address until it is powered off or the lease has completely expired.

I don't know if you might have been doing some type of non-business activity to warrant whatever this other person might have done to break your network access. I would suggest that you ask them what they were doing on the network to possibly create the issues you are describing. I would also recommend having someone from IT with you during the conversation to help understand what is being said.
====================

You don't give any specific details about your network, so I have to assume it's a corporate setting. If so, someone who has access to the servers on your network could execute remote commands, in this case the command "sc stop DHCP."

This could also indicate someone trying to take advantage of a known vulnerability in the DHCP Client Service, that's detailed in CVE-2006-2372 "Vulnerability in DHCP Client Service Could Allow Remote Code Execution (MS06-036)." The giveaway is that you say it was done by another user on your network. The vulnerability requires that: "For an attack to be successful the attacker must send the affected host a specially crafted DHCP response communication from the same network subnet."

You should immediately download and apply the patch to your system; the various versions are listed in the article linked to above.

You can not simply disable DHCP Client service even if you assign a static address because dhcp client service is used also for registering dns name regardless is it static or dynamic addressing in place.

Hope this helps.

You can keep up with various security issues at Security Corner.
  • AddThis Social Bookmark Button

Browse more Questions and Answers on Security and Networking.

Looking for relevant Security Whitepapers? Visit the SearchSecurity.com Research Library.


RSS - Discussions Help

Discuss This Answer


You must be logged-in to discuss a question. Log-in/Register