enquiry on validation of dhcp offered address
Simon Hobson
dhcp1 at thehobsons.co.uk
Sat Apr 21 18:41:15 UTC 2012
Subject corrected ...
ching wrote:
>I am trying to tune a general purpose router (OpenWRT), which
>provides WAN access to VLANs.
>
>From the point of view of a router, the ISP's DHCP server cannot be fully trusted.
>
>If those servers get compromised, they may assign some non-routable
>IP to the WAN interface, and my route table may be "polluted" by
>those IPs.
I'll put this as delicately as I can. If you don't trust your ISP,
then the address you get is the least of your worries. If someone is
going to compromise the ISP's DHCP servers, they'd be more likely to
keep the IPs correct and redirect your DNS or something like that.

If they give you a non-routable address then the ISP would soon have
its helpdesk swamped by a deluge of calls and it would be spotted.
So anyone with enough intelligence to actually do anything to worry
about would not do that - they'd do their best to make your
connection appear to work normally while doing something else (such
as redirecting DNS so they can do man in the middle attacks on your
traffic). Such things would not be easily detectable from your end.

So, if you have that little trust in your ISP - you need to find a
different ISP.
--
Simon Hobson
Visit http://www.magpiesnestpublishing.co.uk/ for books by acclaimed
author Gladys Hobson. Novels - poetry - short stories - ideal as
Christmas stocking fillers. Some available as e-books.
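
The two lease checks raised in this thread, as an added example that is not part of the original posts: flag an offered WAN address in a non-routable range, and flag offered DNS servers outside a locally pinned set. The function name, the range list, the pinned resolver addresses and the sample leases are all constructed assumptions.

```python
import ipaddress

# Ranges treated as non-routable on a public WAN link (assumed policy list).
# Documentation ranges (RFC 5737) are left out so the constructed samples
# below can use them as stand-ins for public addresses.
NON_ROUTABLE = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "100.64.0.0/10", "127.0.0.0/8",
    "169.254.0.0/16", "172.16.0.0/12", "192.168.0.0/16",
    "224.0.0.0/4", "240.0.0.0/4",
)]

# Resolvers the operator expects from this ISP (constructed values).
PINNED_DNS = {ipaddress.ip_address("203.0.113.53"),
              ipaddress.ip_address("203.0.113.54")}


def validate_lease(ip, prefixlen, router, dns_servers):
    """Return a list of findings for one offered lease; empty means none."""
    findings = []
    try:
        iface = ipaddress.ip_interface(f"{ip}/{prefixlen}")
        gateway = ipaddress.ip_address(router)
        resolvers = [ipaddress.ip_address(d) for d in dns_servers]
    except ValueError as exc:
        return [f"malformed lease field: {exc}"]

    # The original poster's concern: a non-routable WAN address.
    if any(iface.ip in net for net in NON_ROUTABLE):
        findings.append(f"offered address {iface.ip} is non-routable")
    # A default route via a gateway outside the offered subnet is suspect.
    if gateway not in iface.network or gateway == iface.ip:
        findings.append(f"router {gateway} is not a usable next hop in {iface.network}")
    # The reply's concern: the address looks normal but DNS has changed.
    unexpected = [str(r) for r in resolvers if r not in PINNED_DNS]
    if unexpected:
        findings.append("DNS servers outside pinned set: " + ", ".join(unexpected))
    return findings


# Constructed leases: a normal one, the poster's scenario, the reply's scenario.
SAMPLES = {
    "normal": ("198.51.100.20", 24, "198.51.100.1", ["203.0.113.53"]),
    "bad_address": ("10.66.0.5", 24, "10.66.0.1", ["203.0.113.53"]),
    "dns_redirect": ("198.51.100.20", 24, "198.51.100.1", ["192.0.2.99"]),
}

if __name__ == "__main__":
    for name, lease in SAMPLES.items():
        print(name, validate_lease(*lease) or "ok")
```

ISPs using carrier-grade NAT legitimately offer 100.64.0.0/10 or RFC 1918 addresses, so the range list is policy to adjust per link. The DNS comparison only notices a changed resolver address, not tampering behind an unchanged one.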