Re: Security Appliance With 12 Network Segments

"Ansgar -59cobalt- Wiechers" <usenet-2011@xxxxxxxxxxxxxxxx> wrote in message
W <persistentone@xxxxxxxxxxxxxx> wrote:
DHCP is not a security protocol. In fact, DHCP is a security hole.
DHCP broadcasts immediately tell any listener what is the shape of
your network (network mask, gateway, etc). ARP further donates to the
trojan's battle plan by informing it of specific targets.

It frustrates me a lot when I hear people thinking that software that
helps a trojan do its job can be configured to help security. It's
the opposite.

While it's true that DHCP is not a security protocol, any but the
smallest networks would be unmanageable without DHCP.

Exactly right. DHCP's main purpose in life is to help machines *that play
by the rules* to share a limited pool of IPs. In this role it performs

DHCP's role is not to make sure that other PCs don't use an IP that it wants
to manage. A hacker doesn't play by the rules, and for that person DHCP
is one of his tools.


