enquiry on validation of dhcp offered address
dhcp1 at thehobsons.co.uk
Sun Apr 22 08:25:23 UTC 2012
>if dhclient can fully trust dhcp server, this kind of report should
And what on earth does that have to do with your query - absolutely
nothing. That is a vulnerability in terms of being sent "bad" data
and executing code. Your query is about validating the address
because you don't trust your ISP to hand out a correct one.
The ability of another user on a shared network to set up a rogue DHCP
server is well known - it's been a known security issue since before
DHCP was around (it was known about back when BOOTP was 'new').
Depending on the environment, anyone running a DHCP service in a
'hostile' environment should be aware of this and have measures in
place to avoid it (block DHCP traffic) or at least detect it so it
can be dealt with. In general, I'd be surprised to see any competent
ISP not block DHCP server traffic from clients to make it physically
impossible to do - if they don't do this then find a competent ISP.
Simply ignoring RFC1918 addresses will not protect you - if I had
access to run a rogue DHCP server then I could just as easily hand
out some random block of addresses which your check wouldn't complain
about - and you'd be none the wiser.
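The point made in the message about RFC1918 filtering, as an added example that is not part of the original post: it parses DHCPOFFER payloads and compares a client-side RFC1918 check with detection based on who sent the offer. The allowlist of (source MAC, server identifier) pairs, the MAC addresses and all sample addresses are constructed assumptions.

```python
import ipaddress

RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
MAGIC = b"\x63\x82\x53\x63"                           # DHCP magic cookie after the BOOTP header
AUTHORIZED = {("02:00:00:00:00:01", "192.0.2.1")}    # assumed allowlist: (source MAC, server id)

def is_rfc1918(addr):
    return any(ipaddress.ip_address(addr) in net for net in RFC1918)

def parse_offer(payload):
    """Return (yiaddr, server_id) for a well-formed DHCPOFFER, else None."""
    if len(payload) < 240 or payload[0] != 2 or payload[236:240] != MAGIC:
        return None
    opts, i = {}, 240
    while i < len(payload) and payload[i] != 255:    # 255 = end option
        if payload[i] == 0:                          # 0 = pad option, no length byte
            i += 1
            continue
        if i + 1 >= len(payload):
            return None                              # truncated option header
        length = payload[i + 1]
        value = payload[i + 2:i + 2 + length]
        if len(value) != length:
            return None                              # truncated option body
        opts[payload[i]] = value
        i += 2 + length
    if opts.get(53) != b"\x02" or len(opts.get(54, b"")) != 4:
        return None                                  # not an OFFER, or no server identifier
    return str(ipaddress.ip_address(payload[16:20])), str(ipaddress.ip_address(opts[54]))

def build_offer(yiaddr, server_id):
    """Build a constructed DHCPOFFER payload for the sample data below."""
    fixed = bytearray(236)
    fixed[0:3] = b"\x02\x01\x06"                     # op=BOOTREPLY, htype=Ethernet, hlen=6
    fixed[16:20] = ipaddress.ip_address(yiaddr).packed
    return bytes(fixed) + MAGIC + b"\x35\x01\x02\x36\x04" + ipaddress.ip_address(server_id).packed + b"\xff"

def review_offers(frames):
    """For each (source MAC, payload) report what each kind of check concludes."""
    out = []
    for src_mac, payload in frames:
        offer = parse_offer(payload)
        if offer:
            out.append({"src_mac": src_mac, "yiaddr": offer[0],
                        "rfc1918_check_rejects": is_rfc1918(offer[0]),
                        "unauthorized_sender": (src_mac, offer[1]) not in AUTHORIZED})
    return out

SAMPLE = [  # constructed frames: legitimate server, rogue with private range, rogue with other range
    ("02:00:00:00:00:01", build_offer("198.51.100.20", "192.0.2.1")),
    ("02:00:00:00:00:66", build_offer("192.168.1.50", "192.168.1.1")),
    ("02:00:00:00:00:66", build_offer("203.0.113.50", "192.0.2.1")),  # copies the real server id
]
```

The third sample offer passes the RFC1918 check and is only caught by looking at the sender. Source MAC and server identifier can both be forged, so this is detection only; blocking DHCP server traffic from client ports remains the enforcing control.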