Security of dhcpd on non-listening interfaces?
Simon Hobson
dhcp1 at thehobsons.co.uk
Tue Mar 1 20:23:56 UTC 2016
stevel_isc at jbco.com wrote:
> Some of you appear to know the code well. How secure is the server from
> malicious packets on non-listening interfaces?
>
> What I mean is, does the code identify and discard packets (both ip and raw
> sockets) for ignored interfaces prior to doing risky things (like parsing
> and memory reallocation)?
>
> Are there links to discussions on this? I should check out the relevant
> sections of code, but before starting from scratch I'll bet there's a wealth
> of discussion somewhere.
I don't recall any discussion of this in the past, and I've been on here for quite a few years.
As an alternative tack, can you separate the services onto two (or more) servers ? In my experience, people looking at security to the level you appear to be doing tend to distrust security that relies only on software configuration - and for some of my customers at work that also means not relying on VLANs for traffic separation.
More information about the dhcp-users
mailing list