Firewall Wizards mailing list archives
RE: Using DHCP (was RE: IP Spoofing)
From: Bill_Royds () pch gc ca
Date: Tue, 12 Oct 1999 21:57:54 -0400
A DHCP packet carries the MAC address as port of the query. Routers on the way between host and DHCP server can read it to populate routing tables or ARP caches. If someone grabs an IP address it must be on a segment that has same subnet part as addresses that you are granting by DHCP or it is pretty useless (it won't be routed by modern routing protocols). So the MAC address is either available directly (by RARP) or available by polling the routers ARP tables for routers serving the segment (using SNMP). Using SNMP, a lot of routing and host identification information is available to DHCP server. DHCP can carry a lot more than just IP-MAC mapping. It can carry subnet masks, DNS servers, Kerveros server info, Subnet mask options, even host name to be used. As well it can carry a list of routers that the client should use for various subnets, static routes to fill routing cache. See RFC1533 for some extensions, DHCP is in RFC1541 and 1542. "Safier, Adam (GEIS)" <Adam.Safier () geis ge com> on 99/10/12 18:01:48 To: Bill Royds/HullOttawa/PCH/CA@PCH cc: Dave Gillett <dgillett () deepforest org>, firewall-wizards () lists nfr net Subject: RE: Using DHCP (was RE: IP Spoofing) One more little detail question, how does a DHCP server track MAC/IP address pairs of traffic traveling on subnets separated from the DHCP server by routers? Routers I used to work with did not pass ARP tables, but maybe I'm showing my age. Looks like I will need to read up on DHCP. It has become very common and it's a shame to lose opportunities for setting off alarms. Thanks, Adam
Attachment:
att1.eml
Description:
Current thread:
- Re: Using DHCP (was RE: IP Spoofing) Bill_Royds (Oct 05)
- Re: Using DHCP (was RE: IP Spoofing) Dave Gillett (Oct 06)
- <Possible follow-ups>
- Re: Using DHCP (was RE: IP Spoofing) Bill_Royds (Oct 12)
- RE: Using DHCP (was RE: IP Spoofing) Bill_Royds (Oct 13)
- RE: Using DHCP (was RE: IP Spoofing) Safier, Adam (GEIS) (Oct 13)
- RE: Using DHCP (was RE: IP Spoofing) Anton J Aylward (Oct 16)
- RE: Using DHCP (was RE: IP Spoofing) Safier, Adam (GEIS) (Oct 13)
- RE: Using DHCP (was RE: IP Spoofing) Bill_Royds (Oct 13)
- RE: Using DHCP (was RE: IP Spoofing) Bill_Royds (Oct 16)
- RE: Using DHCP (was RE: IP Spoofing) Safier, Adam (GEIS) (Oct 18)
- RE: Using DHCP (was RE: IP Spoofing) Carl Brewer (Oct 18)