Security of dhcpd on non-listening interfaces?

Simon Hobson dhcp1 at
Tue Mar 1 20:23:56 UTC 2016

stevel_isc at wrote:

> Some of you appear to know the code well.  How secure is the server from
> malicious packets on non-listening interfaces?
> What I mean is, does the code identify and discard packets (both ip and raw
> sockets) for ignored interfaces prior to doing risky things (like parsing
> and memory reallocation)?
> Are there links to discussions on this?  I should check out the relevant
> sections of code, but before starting from scratch I'll bet there's a wealth
> of discussion somewhere.

I don't recall any discussion of this in the past, and I've been on here for quite a few years.

As an alternative tack, can you separate the services onto two (or more) servers ? In my experience, people looking at security to the level you appear to be doing tend to distrust security that relies only on software configuration - and for some of my customers at work that also means not relying on VLANs for traffic separation.

More information about the dhcp-users mailing list