{DANGEROUS?} SV: DHCP Authentication

Joe Polcari jpolcari at bluesocket.com
Tue Jul 1 13:25:31 UTC 2008


Especially if there's any Cisco gear involved.


> From: Anders Rosendal <anders at rosendal.nu>
> Reply-To: <dhcp-users at isc.org>
> Date: Tue, 1 Jul 2008 12:15:44 +0200
> To: <dhcp-users at isc.org>
> Conversation: DHCP Authentication
> Subject: {DANGEROUS?} SV: DHCP Authentication
> 
> If the network owner starts to implement features like dhcp-snooping with "ip
> source guard" and "ip arp inspection" in the switches to achieve much greater
> security in the network, your solution with dhcp on non-default ports will
> probably fail totally. This is because dhcp-snooping in the switches probably
> won't recognize your modified dhcp communication.
>  
> Regards Anders R 
> 
> ________________________________
> 
> From: dhcp-users-bounce at isc.org on behalf of Marco Amadori
> Sent: Tue 2008-07-01 12:42
> To: dhcp-users at isc.org
> Subject: Re: DHCP Authentication
> 
> 
> 
> On Tuesday 01 July 2008, 12:23:58, Simon Hobson wrote:
> 
>> Probably, just running the DHCP protocol on non-standard ports should
>> do the trick for you. In the general case (where you need to use the
>> standard ports) you need to configure both servers to be
>> authoritative for only 'their' clients and totally ignore any other
>> clients - this requires admin access to BOTH servers and cannot be
>> achieved without.
> 
> Thanks for the answer, do you have any hints for simplifying the dhcpd.conf I
> wrote in the previous mail?
> 
> Or in other words: is there a way to produce parametric "classes" and "pools"
> rules? (I resolved that by including a shell-generated classes and pools file,
> but I am seeking a more elegant solution.)
> 
> Kudos for supporting regular expression matches in v 4.0!
> 
> --
> ESC:wq
> 