enquiry on validation of dhcp offered address

Glenn Satchell glenn.satchell at uniq.com.au
Mon Apr 23 12:59:14 UTC 2012


On 04/23/12 21:17, ching wrote:
>
> I will look for another way to prevent routing intranet traffic to outside.
>
>> Hang on ... you never said anything about that before !
>>
>> If all you are interested in is preventing routing certain traffic
>> outside of your network then just apply a few firewall rules to block
>> it. That too is nothing to do with DHCP.
>>
> This partially solves the problem as dropping internal traffic can result
> in a denial of service attack.

You could add firewall rules to block outbound traffic on your WAN 
interface to addresses that match your internal network. This is called 
anti-spoofing, and is (or used to be) common practice when setting up a 
firewall. So, if someone outside your LAN pretends to have an internal 
IP you ignore that. That's not denial of service, since it's only going 
to block invalid IP destinations.

-- 
regards,
-glenn
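
The anti-spoofing rules described in the reply above, as an added example that is not part of the original post: a shell function that prints an iptables-restore fragment dropping WAN-bound packets addressed to internal prefixes and WAN-arriving packets that claim an internal source. The function name `antispoof_rules`, the interface `eth1` and the prefixes shown are assumptions.

```shell
#!/bin/sh
# Added example (not from the original post): print an iptables-restore
# fragment with anti-spoofing DROP rules for a WAN interface.
# Assumed names: antispoof_rules, eth1, and the prefixes in the usage line.

antispoof_rules() {
    if [ "$#" -lt 2 ]; then
        echo "usage: antispoof_rules WAN_IF INTERNAL_CIDR..." >&2
        return 1
    fi
    wan_if=$1
    shift

    # Validate every prefix before emitting anything, so a typo cannot
    # leave a half-written ruleset on stdout.
    for net in "$@"; do
        case $net in
            *[!0-9./]* | */*/* | */ | /* | "")
                echo "invalid IPv4 prefix: $net" >&2
                return 1 ;;
            */*) ;;
            *)
                echo "prefix needs a /length: $net" >&2
                return 1 ;;
        esac
    done

    echo '*filter'
    for net in "$@"; do
        # Outbound: nothing addressed to an internal prefix may leave via
        # the WAN interface, whether routed or locally generated.
        echo "-A FORWARD -o $wan_if -d $net -j DROP"
        echo "-A OUTPUT -o $wan_if -d $net -j DROP"
        # Inbound: a packet arriving on the WAN interface cannot honestly
        # carry an internal source address, so ignore it.
        echo "-A FORWARD -i $wan_if -s $net -j DROP"
        echo "-A INPUT -i $wan_if -s $net -j DROP"
    done
    echo 'COMMIT'
}

# Usage (constructed values), checking the fragment before loading it:
#   antispoof_rules eth1 192.168.0.0/16 | iptables-restore --noflush --test
#   antispoof_rules eth1 192.168.0.0/16 | iptables-restore --noflush
```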

