COMMAND

    @Home network

SYSTEMS AFFECTED

    @Home network

PROBLEM

    Roadkill Randu  posted following.   The @Home  network assigns  IP
    addresses on a fairly permanent  basis to its subscribers, but  it
    does use DHCP  for IP address  assignment.  It  is trivial matter,
    however, to take over another @Home account's IP address by simply
    providing  another  customer's  ID  for  the hostname parameter in
    DHCP.   It is  also trivial  to acquire  this hostname  parameter,
    since all it requires  is 'host @HomeIPaddress' to  determine what
    the customer ID is.

    It is more trivial than that, in fact..

        nslookup <random @home hostname>

    If the number is active, it  will be in the @home DNS  tables. (If
    not,  it's  not  active.)  You  then  have  the  IP address of the
    hostname.

        ping <@home hostname>

    If you don't  get a reply,  the IP address  isn't being used,  and
    you can steal it.  This  is, of course, very easy to  automate and
    profile when  a group  of hostnames  are typically  on, pattens of
    usage, etc.

    Randu had his @Home connection hijacked from him repeatedly in the
    last six months.

SOLUTION

    Randu has  notified @Home  of this  problem twice  in the last two
    months.