DHCPv6 default gateway option?

Alex Bligh alex at alex.org.uk
Wed Dec 8 09:59:30 UTC 2010



--On 8 December 2010 00:44:47 -0800 Tim Gavin <livewire98801 at gmail.com> 
wrote:

> Okay, so bad example, but the point stands.  Since the DHCP server is
> responsible for both the IP and the gateway on v4, if the compromised
> machine tries to send a bad address, the real DHCP server would be
> sending a NAK.

Given IPv4 + DHCP can now be hijacked using a point-and-click Firefox
plug-in, I don't see it can really get much worse.

If you are worried about your L2 architecture being compromised,
you either need to look at proper cryptographic authentication of
all hosts at L2 (I am unaware of any such technology in a viable
state), or use technologies such as private VLANs or other forms
of filtering to restrict which ports can talk to what and how.

-- 
Alex Bligh



More information about the dhcp-users mailing list