PaulDotCom mailing list archives
Re: pixieboot attack
From: David Auclair <d.auclair () utoronto ca>
Date: Thu, 19 Jan 2012 10:39:47 -0500
It's possible to prevent rogue DHCP servers... The same defences would work against the PXE boot attack. You can either configure QoS on your switches to drop DHCP responses from end-users, or you can configure DHCP snooping.

-Dave
-----Original Message-----
From: pauldotcom-bounces () mail pauldotcom com [mailto:pauldotcom-bounces () mail pauldotcom com] On Behalf Of Mike Patterson
Sent: Monday, January 16, 2012 10:11 AM
To: pauldotcom () pdc-mail pauldotcom com
Subject: Re: [Pauldotcom] pixieboot attack

On 12-01-16 4:38 AM, Robin Wood wrote:
> Has anyone done this? Do organisations use PXE boot on network
> machines?

I've thought about it, mostly from the "how to prevent it" perspective. The most feasible answer I came up with is "hope it doesn't happen."

I don't know about other organisations, but some places I've worked use it. They tend to enable it only for machine installation, and disable it again afterwards. The one group I was with that made heavy use, we had a separate VLAN just for this. Enable PXE, change the VLAN, boot / reinstall, disable PXE, change the VLAN back.

I don't know what might break if you blocked the bits that PXE needs to properly work on non-"reinstall" networks, but that could be a mitigation.

Mike

--
Imagine what medieval peasants would say if you could explain to them the stuff that people waste most of their time worrying about these days.
- David Morgan-Mar
_______________________________________________
Pauldotcom mailing list
Pauldotcom () mail pauldotcom com
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com
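A small Python model of the DHCP snooping decision mentioned in the message above, added here as an illustration; it is not part of the original thread and not any switch vendor's code. It drops server-side DHCP messages that arrive on an untrusted port and reports any PXE boot file they carry. The helper names (`parse_dhcp`, `snoop`, `build`), port names and addresses are assumptions, and the packets are constructed samples.

```python
import socket
import struct

MAGIC = b"\x63\x82\x53\x63"                       # DHCP magic cookie (RFC 2131)
SERVER_TYPES = {2: "OFFER", 5: "ACK", 6: "NAK"}   # option 53 values only servers send

def parse_dhcp(payload):
    """Parse a BOOTP/DHCP UDP payload; return None if it is not DHCP."""
    if len(payload) < 240 or payload[236:240] != MAGIC:
        return None
    opts, i = {}, 240
    while i < len(payload) and payload[i] != 255:  # 255 = end option
        if payload[i] == 0:                        # pad option has no length byte
            i += 1
            continue
        if i + 1 >= len(payload):                  # truncated option header
            break
        length = payload[i + 1]
        opts[payload[i]] = payload[i + 2:i + 2 + length]
        i += 2 + length
    # Boot file name: option 67 if present, otherwise the fixed BOOTP 'file' field.
    bootfile = opts.get(67) or payload[108:236].split(b"\0", 1)[0]
    return {"op": payload[0],
            "type": (opts.get(53) or b"\0")[0],
            "next_server": socket.inet_ntoa(payload[20:24]),   # siaddr
            "bootfile": bootfile.rstrip(b"\0").decode("ascii", "replace")}

def snoop(port, payload, trusted_ports):
    """Model the DHCP snooping decision for a frame received on `port`."""
    msg = parse_dhcp(payload)
    if msg is None:
        return "forward", "not DHCP"
    from_server = msg["op"] == 2 or msg["type"] in SERVER_TYPES
    if from_server and port not in trusted_ports:
        kind = SERVER_TYPES.get(msg["type"], "BOOTREPLY")
        pxe = f", boot file {msg['bootfile']!r} via {msg['next_server']}" if msg["bootfile"] else ""
        return "drop", f"{kind} on untrusted port {port}{pxe}"
    return "forward", "client message or trusted port"

def build(op, msg_type, next_server="0.0.0.0", bootfile=b""):
    """Build a constructed sample DHCP payload (not captured traffic)."""
    fixed = struct.pack("!BBBBIHH4s4s4s4s16s64s128s", op, 1, 6, 0, 0x1234, 0, 0,
                        bytes(4), bytes(4), socket.inet_aton(next_server), bytes(4),
                        bytes(16), b"", bootfile)
    return fixed + MAGIC + bytes([53, 1, msg_type, 255])

TRUSTED = {"Gi1/0/48"}                             # assumed uplink to the real DHCP server
ROGUE_OFFER = build(2, 2, "192.0.2.66", b"pxelinux.0")   # constructed sample
DISCOVER = build(1, 1)                             # constructed client request
```

Calling `snoop("Gi1/0/7", ROGUE_OFFER, TRUSTED)` returns a drop verdict, while the same payload on the trusted uplink, or a client DISCOVER on any port, is forwarded.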
Current thread:
- pixieboot attack Robin Wood (Jan 16)
- Re: pixieboot attack Jim Halfpenny (Jan 16)
- Re: pixieboot attack Mike Patterson (Jan 16)
- Re: pixieboot attack Robin Wood (Jan 16)
- Re: pixieboot attack James Shewmaker (Jan 16)
- Re: pixieboot attack Robin Wood (Jan 16)
- Re: pixieboot attack Robin Wood (Jan 16)
- Re: pixieboot attack David Auclair (Jan 19)