Security Basics mailing list archives
Re: DHCP Snooping
From: "Sven Édouard" <sven_edouard () fastmail co uk>
Date: Tue, 06 Jun 2006 16:50:32 -0700
DHCP Security is ultimately a tricky proposition, keep in mind that these communications are sent over UDP, which can be spoofed, therefore, what you would need to do is force everyone's configuration to be a static one in order to avoid a spoofed respose condition. Also, there is the risk that someone on your network is using the same MAC address as another user, and therefore could see all of the traffic intended for that user. I think you could cover these cases by deploying VLANS but just wanted to bring up these potential issues. Sven On 6 Jun 2006 19:52:59 -0000, timpacalypse () yahoo com said:
I'm looking at deploying DHCP Snooping in our environment. I just want to make sure I've got this straight. We only have 1 DHCP server. So the only port that I need to say is trusted is the one the DHCP Server is connected to, right? I don't want anyone to be able to deploy any rogue DHCP Servers in the network. We are using VLANS, but I don't need to set the trunk ports as trusted do I?
-- Sven Édouard sven_edouard () fastmail co uk -- http://www.fastmail.fm - One of many happy users: http://www.fastmail.fm/docs/quotes.html
Current thread:
- DHCP Snooping timpacalypse (Jun 06)
- Re: DHCP Snooping Sven Édouard (Jun 07)
- Re: DHCP Snooping Dmitry Cherkasov (Jun 09)
- Message not available
- Re: DHCP Snooping Ivan . (Jun 09)
- Re: DHCP Snooping Sven Édouard (Jun 07)
- Re: DHCP Snooping Dmitry Cherkasov (Jun 07)
- Re: DHCP Snooping Kenton Smith (Jun 09)
- <Possible follow-ups>
- Re: DHCP Snooping s (Jun 07)
- DHCP Snooping Juan Munera (Jun 26)