enquiry on validation of dhcp offered address

Simon Hobson dhcp1 at thehobsons.co.uk
Sat Apr 21 18:41:15 UTC 2012


Subject corrected ...

ching wrote:
>i am trying to tune a general purpose router (OpenWRT), which 
>provide WAN access to VLANs.
>
>In the point of view of a router, ISP's DHCP server cannot be full-trusted.
>
>If those servers get compromised, they may assign some non-routable 
>IP to the WAN interface, and my route table may be "polluted" by 
>those IPs.

I'll put this as delicately as I can. If you don't trust your ISP, 
then the address you get is the least of your worries. If someone is 
going to compromise the ISPs DHCP servers, they'd be more likely to 
keep the IPs correct and redirect your DNS or something like that.

If they give you a non-routable address then the ISP would soon have 
it's helpdesk swamped by a deluge of calls and it would be spotted. 
So anyone with enough intelligence to actually do anything to worry 
about would not do that - they'd do their best to make your 
connection appear to work normally while doing something else (such 
as redirecting DNS so they can do man in the middle attacks on your 
traffic). Such things would not be easily detectable from your end.

So, if you have that little trust in your ISP - you need to find a 
different ISP.

-- 
Simon Hobson

Visit http://www.magpiesnestpublishing.co.uk/ for books by acclaimed
author Gladys Hobson. Novels - poetry - short stories - ideal as
Christmas stocking fillers. Some available as e-books.


More information about the dhcp-users mailing list