Bugtraq mailing list archives
Re: BOOTP/DHCP security
From: alan () lxorguk ukuu org uk (Alan Cox)
Date: Wed, 27 Nov 1996 20:07:38 +0000
So what solutions have other people thought about/implemented to cope with the possibility of rogue address discovery servers being set up? Since the requests are broadcast, and OS+daemon can fit on a floppy disk in some cases and is just a free add-on in others, it is very easy to offer back
It is worse than this. Just 'borrow' the address of a Windows95 box and ping it. There are also some very interesting other tricks. A dhcp response to all the macs I've tried with a 0 second lifetime locks the mac solid. The concept is old though. The first every Linux appletalk application was a program that stopped macintoys booting anywhere on the lan by owning every appletalk address.
This is particularly relevant to the relatively small number of sites that do a lot of remoteboot for security reasons (see
Some of those are very very hard. Assuming you have IPv6 and a router key in your own persistent storage you are ok (and IPv6 will have a lot of dynamic config). However if you have no key the problem of finding who to talk to in order to kick things off appears insoluble as their is no way to build a trusted path. Another incredibly vulnerable area given this lan access is bridges. They all talk 802.1 spanning tree to remove loops. It lets you do stuff like turn ports off. 802.1 has no security, no crypto nothing, no logging nothing at all. Many tools like SNMP tools and packet sniffers dont even understand 802.1. Alan
Current thread:
- Re: Digital FW2.0 question, (continued)
- Re: Digital FW2.0 question Alan Cox (Nov 27)
- Re: FreeBSD Security Advisory: FreeBSD-SA-96:18.lpr Warner Losh (Nov 26)
- XMCD v2.1 released (was: Security Problems in XMCD) Xmcd Admin (Nov 25)
- Security Problems in XMCD 2.1 David J. Meltzer (Nov 26)
- Re: Security Problems in XMCD 2.1 Theo Van Dinter (Nov 26)
- Re: Security Problems in XMCD 2.1 Jim Dennis (Nov 26)
- Re: Security Problems in XMCD 2.1 Alan Cox (Nov 27)
- Administratriva Aleph One (Nov 26)
- A security issue of a different kind. Alan Brown (Nov 26)
- BOOTP/DHCP security itudps (Nov 26)
- Re: BOOTP/DHCP security Alan Cox (Nov 27)
- Re: A security issue of a different kind. Jon Peatfield (Nov 27)
- Re: A security issue of a different kind. Piete Brooks (Nov 27)
- Major Security Vulnerabilities in Remote CD Databases David J. Meltzer (Nov 26)
- Re: Major Security Vulnerabilities in Remote CD Databases itudps (Nov 26)
- lquerypv fix Troy Bollinger (Nov 25)
- HP Bug of the Week! Aleph One (Nov 23)
- HP Bug of the Week: OFS Aleph One (Nov 23)
- Serious BIND resolver problem. Oliver Friedrichs (Nov 18)
- Re: Serious hole in Solaris 2.5[.1] gethostbyname() (exploit Alan Cox (Nov 19)
- Re: Serious hole in Solaris 2.5[.1] gethostbyname() (exploit Joe Zbiciak (Nov 19)