Re: Security Appliance With 12 Network Segments



"Ansgar -59cobalt- Wiechers" <usenet-2011@xxxxxxxxxxxxxxxx> wrote in message
news:913dq7F8p3U1@xxxxxxxxxxxxxxxxxxxxx
> W <persistentone@xxxxxxxxxxxxxx> wrote:
>> DHCP is not a security protocol. In fact, DHCP is a security hole.
>> DHCP broadcasts immediately tell any listener what is the shape of
>> your network (network mask, gateway, etc). ARP further donates to the
>> trojan's battle plan by informing it of specific targets.
>>
>> It frustrates me a lot when I hear people thinking that software that
>> helps a trojan do its job can be configured to help security. It's
>> the opposite.
>
> While it's true that DHCP is not a security protocol, any but the
> smallest networks would be unmanageable without DHCP.

Exactly right. DHCP's main purpose in life is to help machines *that play
by the rules* to share a limited pool of IPs. In this role it performs
well.

DHCP's role is not to make sure that other PCs don't use an IP that it wants
to manage. A hacker doesn't play by the rules, and for that person DHCP
is one of his tools.

--
W