{DANGEROUS?} SV: DHCP Authentication
Joe Polcari
jpolcari at bluesocket.com
Tue Jul 1 13:25:31 UTC 2008
Especially if there's any cisco gear involved
> From: Anders Rosendal <anders at rosendal.nu>
> Reply-To: <dhcp-users at isc.org>
> Date: Tue, 1 Jul 2008 12:15:44 +0200
> To: <dhcp-users at isc.org>
> Conversation: DHCP Authentication
> Subject: {DANGEROUS?} SV: DHCP Authentication
>
> Warning: This message has had one or more attachments removed
> Warning: (notnamed).
> Warning: Please read the "VirusWarning.txt" attachment(s) for more
> information.
>
> If the network owner starts to implement features like dhcp-snooping with "ip
> source guard" and "ip arp inspection" in the switches to achive much greater
> security in the network your solution with dhcp on non default ports will
> probebly fail totally. This since dhcp-snooping in the switches probebly won't
> recognice your modified dhcp communication.
>
> Regards Anders R
>
> ________________________________
>
> Från: dhcp-users-bounce at isc.org genom Marco Amadori
> Skickat: ti 2008-07-01 12:42
> Till: dhcp-users at isc.org
> Ämne: Re: DHCP Authentication
>
>
>
> On Tuesday 01 July 2008, 12:23:58, Simon Hobson wrote:
>
>> Probably, just running the DHCP protocol on non-standard ports should
>> do the trick for you. In the general case (where you need to use the
>> standard ports) you need to configure both servers to be
>> authoritative for only 'their' clients and totally ignore any other
>> clients - this requires admin access to BOTH servers and cannot be
>> achieved without.
>
> Thanks for the answer, do you have any hints for semplify dhcpd.conf I wrote
> in the previous mail?
>
> Or in other words: there is a way to produce parametric "classes" and "pools"
> rules? (I resolved that including a shell-generated classes and pools file,
> but seeking for a more elegant solution).
>
> Kudos for supporting regular expression matches in v 4.0!
>
> --
> ESC:wq
>
> --
> This message has been scanned for viruses and
> dangerous content by MailScanner, and is
> believed to be clean.
>
>
>
> --
> This message has been scanned for viruses and
> dangerous content by MailScanner on mars.rosendal.nu,
> and is believed to be clean.
>
>
>
More information about the dhcp-users
mailing list