Re: DHCP Authentication

Anders Rosendal anders at rosendal.nu
Tue Jul 1 10:15:44 UTC 2008



If the network owner starts to implement features like dhcp-snooping with "ip source guard" and "ip arp inspection" in the switches to achieve much greater security in the network, your solution with dhcp on non-default ports will probably fail totally. This is because dhcp-snooping in the switches probably won't recognize your modified dhcp communication.
 
Regards Anders R 

________________________________

From: dhcp-users-bounce at isc.org on behalf of Marco Amadori
Sent: Tue 2008-07-01 12:42
To: dhcp-users at isc.org
Subject: Re: DHCP Authentication



On Tuesday 01 July 2008, 12:23:58, Simon Hobson wrote:

> Probably, just running the DHCP protocol on non-standard ports should
> do the trick for you. In the general case (where you need to use the
> standard ports) you need to configure both servers to be
> authoritative for only 'their' clients and totally ignore any other
> clients - this requires admin access to BOTH servers and cannot be
> achieved without.

Thanks for the answer, do you have any hints for simplifying the dhcpd.conf I wrote
in the previous mail?

Or in other words: is there a way to produce parametric "classes" and "pools"
rules? (I resolved that by including a shell-generated classes and pools file,
but I am seeking a more elegant solution).

Kudos for supporting regular expression matches in v 4.0!

--
ESC:wq
