DHCP and the Resulting Theoretical Attacks

It was a pleasure.

Even so, by the standards you are placing on others now, your effort then, (A "tutorial" in your own words), is incomplete and overly simplistic, (can you hear an echo?).

Since it is more than a year since your last tutorial maybe you would like to show us all how it is done. Apply your standards and "wow" us all with it please.

Otherwise your only purpose in any recent post you have made in the forum is criticism for criticism's sake, which is even less beneficial than the "half assed" attempts at tutorials you are accusing everyone of.

While I could be on crack, I don't think chsh is making his posts to attack members personally. He seems to be calling for us to improve the quality of the tutorials currently being posted.

The post above is a prime example imo. He openly states he was too lazy/busy to do 'X'. If you are making a tutorial for the other users then maybe you should hold yourself to a higher standard with that piece of writing and do 'X'. Maybe do some quick searching to find examples of the possible attacks or other papers on the theory behind them. You should definitely also at least take the next step and do some quick research on how to stop those attacks and either explain it or at least post some references to how to do so.

el > The prime post in this thread doesn't quite qualify as a paper. If it did then the rest of this thread probably would have never been started. There is no citation of references and so on, the basic structure is somewhat off, etc. For reference - http://webster.commnet.edu/mla/index.shtml

But then that is all beside the point....

I think it is a decent enough start, but it could use some work to make it more useful to the rest of our community.

PS. If you need someplace to start doing any of the research mentioned above please click the link in my sig.

Quote:

---

el > The prime post in this thread doesn't quite qualify as a paper. If it did then the rest of this thread probably would have never been started. There is no citation of references and so on, the basic structure is somewhat off, etc. For reference - http://webster.commnet.edu/mla/index.shtml

---

I think you misunderstood me, I mean that the thing cshs seems to expect from the things posted here is called a paper and not a tutorial.

Ahhh....I thought you were saying that HT's post was supposed to be a paper. My bad.

Quote:

---

I'm sure that you all can add to this

---

okay okay let's see how chsh added to this disscussion

Quote:

---

IMO More disservice is done by the large number of half-efforts presented as tutorials. This is supposed to be a security site. This is not a tutorial. This is the Security Tutorials section. Do the math.

---

Okay, this is good. This adds a little bit more depth to where HTregz left off. Let's see what else was added to the discussion "about the discussion"

Quote:

---

Several of those attacks can be defeated, but I am wondering how exactly this qualifies as a tutorial at all, let alone a security tutorial. It doesn't cover securing the system, it doesn't really cover how to break the system, and it doesn't cover how to implement DHCP pretty well at all. Your "tutorial" gives a brief "how dhcp works" bit and then goes on to talk about potential flaws -- the majority of which are preventable with switches you seem to believe are expensive.
Check out Cisco's Cayalyst 2950, or the low-end Baystacks. The features to limit certain types of traffic (DHCP) on the switch have been there for a while, and has become mainstream, so most admins should be able to secure DHCP on their networks from these sorts of attacks.
At any rate, Thumbs Down, this isn't a tutorial, doesn't belong here, and none of the information is explored sufficiently. Why is it a cursory mention of "this can be done" is acceptable around here anymore?

---

Okay this is also good. chsh decides instead of taking the obvious route of explaining how the attacks can be defeated goes even further and decides to explain ways of defeating other members contributions. Okay, let's look for one more good example:

Quote:

---

My tutorial then was not posted here, and it was indeed more than "this can be done" as I illustrated how to go about enumerating the information. Things do change, which is precisely what I was saying. Thank you for further illustrating my point.

---

A great final point to really leave readers something to think on. It turns out that chsh is really better than everyone else!

I have said it before and I will say it again, why in God's name would you get involved in a discussion if you have nothing to add. If you don't think he added enough, then why the hell don't YOU stop being lazy and pick up where he left off. He asked everyone to. And don't come back and post something like "Well it wasn't my tutorial," or "It wasn't my responsibility," well no it isn't. But you know what, this is a community, and if you want to be active in this community then yes, it is your duty. If you have something to add that can benefit someone else, then spreading your knowledge should be your main concern. And last time I checked, eveyone here knows how to talk s***, so no one needs any more help there.

Quote:

---

Originally posted here by Tiger Shark
It was a pleasure.

Even so, by the standards you are placing on others now, your effort then, (A "tutorial" in your own words), is incomplete and overly simplistic, (can you hear an echo?).

---

Excellent warping of the context of my words.

Quote:

---

http://dictionary.reference.com/search?q=tutorial
tu·to·ri·al ( P ) Pronunciation Key (t-tôr-l, -tr-, ty-)
adj.
Of or relating to tutors or a tutor.
n.
Something that provides special, often individual instruction, especially:
1. A book or class that provides instruction in a particular area.
2. Computer Science. A program that provides instruction for the use of a system or of software.

---

This would indicate a tutorial would instruct a person. This particular "tutorial" reads more like an advisory ("These attacks can be done") coupled with some good information about DHCP itself. That particular tutorial you are referring to was liberally identified as a mini-tutorial for the very purpose of what you are doing now. It was intended to be a short version of a much longer tutorial, which is as it turned out. The resulting tutorial was never posted to AO because of other things going on at the time, however I do believe I still have it on a backup CD somewhere. You can clearly see the difference between the tutorial you are discussing from over two years ago and this tutorial, as well as many other recent tutorials, among them tutorials posted by yourself. In addition to that, I did include links to further relevant information. This has not been done here. "I'm lazy" is not an excuse to post something half finished IMO.

Quote:

---

Since it is more than a year since your last tutorial maybe you would like to show us all how it is done. Apply your standards and "wow" us all with it please.

---

I do not have personal webspace at the moment. When I do, I will.

Quote:

---

Otherwise your only purpose in any recent post you have made in the forum is criticism for criticism's sake, which is even less beneficial than the "half assed" attempts at tutorials you are accusing everyone of.

---

Actually, I should think accurate criticism (regardless of the intent behind it) would be welcomed by any and all tutorial writers.

Quote:

---

Originally posted by el-half
I think you misunderstood me, I mean that the thing cshs seems to expect from the things posted here is called a paper and not a tutorial.

---

As per the definition of tutorial above, yes, I suppose I am. Indeed, I believe the two are synonyms.

Quote:

---

Originally posted by Lansing_Banda
I have said it before and I will say it again, why in God's name would you get involved in a discussion if you have nothing to add. If you don't think he added enough, then why the hell don't YOU stop being lazy and pick up where he left off.

---

That would undermine the purpose of why I am criticizing the placement of this topic, and would only further aid the problem as I see it.

Quote:

---

He asked everyone to. And don't come back and post something like "Well it wasn't my tutorial," or "It wasn't my responsibility," well no it isn't. But you know what, this is a community, and if you want to be active in this community then yes, it is your duty.

---

It is suddenly my duty to do other people's work for them? Nice idea.

Quote:

---

If you have something to add that can benefit someone else, then spreading your knowledge should be your main concern.

---

It is, and I am. I believe constructive criticism is beneficial. Your belief seems to be that rather than criticizing, I should just finish the other half of said tutorial, and should continue to do so for every other tutorial posted that is lacking and I am capable of doing so for. Sorry, but you can go ahead and do that if you like, I will stick to offering suggestions, asking questions, and pointing out flaws (collectively known as criticism).

While I first was not very pleased with chsh, I now start to agree with him.
There's no use in 5 people saying: "Good job!". His constructive criticism is correct (see his comment on my post in the Code Review section for example).
When everybody says you've done something outstanding while it is actually not more than "not bad" you will keep on writing "louzy" stuff. Perfection makes perfect.

Lansing > beyond the personal attack on chsh, what do you think you added the discussion?

If one doesn't feel that an article or post is good, then don't tell them it is great. Is that simple. But who cares whether or not a post is great? This **** isn't being published! So who cares whether or not their work is supurb or crap. If you think that it was short, then say so and keep going where he left off. IT ISN'T YOUR DAMM WORK BUT YOU KNOW WHAT, THIS ISN'T A JOB! YOU ARE NOT GETTING PAID! This is a freaking bulleten board where a bunch of guys are trading knowlegde. We aren't all working on writing books, RFCs, Whitepapers, and a thesis.

I'm sorry that I reacted against you chsh (and Juridian I think that answers your quesion), but crap can we stop taking this so seriously. Just remember what this place is.

lol,all I know is that I'm going to think a million times before posting a tut on here...with this kind of 'constructive criticism' who needs critics?lol
IMO(for what it's worth;)),it was a nice tut,HTRegz put work into it..shouldnt we all just appreciate it rather than go cribbing about it?