enquiry on validation of dhcp offered addres
glenn.satchell at uniq.com.au
Mon Apr 23 12:59:14 UTC 2012
On 04/23/12 21:17, ching wrote:
> I will look for other way to prevent routing intranet traffic to outside.
>> Hang on ... you never said anything about that before !
>> If all you are interested in is preventing routing certain traffic
>> outside of your network then just apply a few firewall rules to block
>> it. That too is nothing to do with DHCP.
> This partially solve the problem as dropping internal traffic can result
> in a denial of service attack.
You could add firewall rules to block outbound traffic on your WAN
interface to addresses that match your internal network. This is called
anti-spoofing, and is (or used to be) common practise when setting up a
firewall. So, if someone outside your LAN pretends to have an internal
IP you ignore that. That's not denial of service, since it's only going
to block invalid IP destinations.
More information about the dhcp-users