dhcp-users Digest, Vol 42, Issue 29

ching lsching17 at gmail.com
Sun Apr 22 00:55:43 UTC 2012


If dhclient can fully trust the DHCP server, this kind of report should not
exist.

http://www.kb.cert.org/vuls/id/107886


On Saturday, April 21, 2012 09:42 PM, sthaug at nethelp.no wrote:
>> I am trying to tune a general-purpose router (OpenWRT), which provides
>> WAN access to VLANs.
>>
>> From the point of view of a router, the ISP's DHCP server cannot be fully trusted.
>>
>> If those servers get compromised, they may assign some non-routable IP
>> to the WAN interface, and my route table may be "polluted" by those IPs.
> If you don't trust the server you shouldn't run a DHCP service on the
> server.
>
> DHCPv4 is by nature a service which depends on the DHCP server and
> the router (usually DHCP relay agent) trusting each other. DHCPv6 is
> slightly different in that the DHCP server cannot assign a default
> gateway, it has to come from RA. However, it is still the case that
> a compromised server can do a lot of damage.
>
> Steinar Haug, Nethelp consulting, sthaug at nethelp.no
>
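
Added example, not part of the original thread: one way a router could sanity-check a DHCPv4 lease before applying it, addressing the concern quoted above about non-routable addresses reaching the WAN interface. The blocked-prefix policy and the logging action are assumptions; `reason`, `interface`, `new_ip_address`, `new_subnet_mask` and `new_routers` are the variables dhclient-script passes to its hooks.

```shell
#!/bin/sh
# Added example (not from the thread): vet a DHCPv4 lease before trusting it.
# BLOCKED is an assumed policy; trim it if your ISP legitimately leases
# RFC 1918 or 100.64.0.0/10 (CGNAT) addresses on the WAN side.
BLOCKED="0.0.0.0/8 10.0.0.0/8 100.64.0.0/10 127.0.0.0/8 169.254.0.0/16 172.16.0.0/12 192.168.0.0/16 224.0.0.0/3"

ip_to_int() {   # dotted quad -> integer; fails on malformed input
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        # Reject empty, non-numeric, leading-zero (octal) and over-long octets.
        case $o in ''|*[!0-9]*|0?*|????*) return 1 ;; esac
        [ "$o" -le 255 ] || return 1
    done
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

in_cidr() {     # in_cidr ADDR NET/LEN -> 0 if ADDR is inside the prefix
    c_addr=$(ip_to_int "$1") || return 2
    c_net=$(ip_to_int "${2%/*}") || return 2
    c_mask=$(( (0xFFFFFFFF << (32 - ${2#*/})) & 0xFFFFFFFF ))
    [ $(( $c_addr & $c_mask )) -eq $(( $c_net & $c_mask )) ]
}

lease_ok() {    # lease_ok IP NETMASK ROUTER -> prints verdict, 0 if acceptable
    ip_n=$(ip_to_int "$1") || { echo "malformed address"; return 1; }
    mask_n=$(ip_to_int "$2") || { echo "malformed netmask"; return 1; }
    gw_n=$(ip_to_int "$3") || { echo "malformed router"; return 1; }
    for prefix in $BLOCKED; do
        if in_cidr "$1" "$prefix"; then
            echo "address in blocked range $prefix"; return 1
        fi
    done
    # The default gateway must be reachable on the offered subnet.
    [ $(( $ip_n & $mask_n )) -eq $(( $gw_n & $mask_n )) ] ||
        { echo "router not on offered subnet"; return 1; }
    echo "ok"
}

# When sourced from a dhclient hook, log any lease that fails the checks.
case "${reason:-}" in
    BOUND|RENEW|REBIND|REBOOT)
        verdict=$(lease_ok "$new_ip_address" "$new_subnet_mask" "${new_routers%% *}") ||
            logger -t dhcp-vet "suspicious lease on ${interface:-?}: $verdict" ;;
esac
```

What to do with a failing lease beyond logging (ignoring it, keeping the previous configuration, alerting) depends on the client and is left to the hook's author.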


