Security Basics mailing list archives
Re: DHCP Snooping
From: "Ivan ." <ivanhec () gmail com>
Date: Thu, 8 Jun 2006 09:11:03 +1000
Hi I assume your talking Cisco? If so check this out http://www.cisco.com/univercd/cc/td/doc/product/lan/cat4000/12_1_13/config/dhcp.htm cheers Ivan
On 6/7/06, Sven Édouard <sven_edouard () fastmail co uk> wrote: > DHCP Security is ultimately a tricky proposition, keep in mind that > these communications are sent over UDP, which can be spoofed, therefore, > what you would need to do is force everyone's configuration to be a > static one in order to avoid a spoofed respose condition. > > Also, there is the risk that someone on your network is using the same > MAC address as another user, and therefore could see all of the traffic > intended for that user. I think you could cover these cases by deploying > VLANS but just wanted to bring up these potential issues. > > Sven > > > > > On 6 Jun 2006 19:52:59 -0000, timpacalypse () yahoo com said: > > I'm looking at deploying DHCP Snooping in our environment. I just want > > to make sure I've got this straight. > > > > We only have 1 DHCP server. So the only port that I need to say is > > trusted is the one the DHCP Server is connected to, right? I don't want > > anyone to be able to deploy any rogue DHCP Servers in the network. We > > are using VLANS, but I don't need to set the trunk ports as trusted do I? > -- > Sven Édouard > sven_edouard () fastmail co uk > > -- > http://www.fastmail.fm - One of many happy users: > http://www.fastmail.fm/docs/quotes.html > >
Current thread:
- DHCP Snooping timpacalypse (Jun 06)
- Re: DHCP Snooping Sven Édouard (Jun 07)
- Re: DHCP Snooping Dmitry Cherkasov (Jun 09)
- Message not available
- Re: DHCP Snooping Ivan . (Jun 09)
- Re: DHCP Snooping Sven Édouard (Jun 07)
- Re: DHCP Snooping Dmitry Cherkasov (Jun 07)
- Re: DHCP Snooping Kenton Smith (Jun 09)
- <Possible follow-ups>
- Re: DHCP Snooping s (Jun 07)
- DHCP Snooping Juan Munera (Jun 26)