Firewall Wizards mailing list archives

RE: Using DHCP (was RE: IP Spoofing)


From: Bill_Royds () pch gc ca
Date: Tue, 12 Oct 1999 21:57:54 -0400

A DHCP packet carries the MAC address as part of the query. Routers on the way
between host and DHCP server can read it to populate routing tables or ARP
caches. If someone grabs an IP address it must be on a segment that has the same
subnet part as addresses that you are granting by DHCP or it is pretty useless
(it won't be routed by modern routing protocols).  So the MAC address is either
available directly (by RARP) or available by polling the routers' ARP tables for
routers serving the segment (using SNMP).  Using SNMP, a lot of routing and host
identification information is available to the DHCP server.
DHCP can carry a lot more than just IP-MAC mapping. It can carry subnet masks,
DNS servers, Kerberos server info, Subnet mask options, even host name to be
used. As well it can carry a list of routers that the client should use for
various subnets, static routes to fill routing cache. See RFC1533 for some
extensions; DHCP is in RFC1541 and 1542.





"Safier, Adam (GEIS)" <Adam.Safier () geis ge com> on 99/10/12 18:01:48

To:   Bill Royds/HullOttawa/PCH/CA@PCH
cc:   Dave Gillett <dgillett () deepforest org>, firewall-wizards () lists nfr net
Subject:  RE: Using DHCP (was RE: IP Spoofing)



One more little detail question, how does a DHCP server track MAC/IP address
pairs of traffic traveling on subnets separated from the DHCP server by
routers? Routers I used to work with did not pass ARP tables, but maybe I'm
showing my age.

Looks like I will need to read up on DHCP. It has become very common and
it's a shame to lose opportunities for setting off alarms.

Thanks,
Adam
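
An added example, not part of either message above: a parser that pulls the client MAC (`chaddr`), the relay address (`giaddr`) and a few RFC1533 options out of a DHCP reply, plus a check that flags IP/MAC pairs in a router ARP table that do not match a lease. The helper names, the sample packet and the dict standing in for SNMP-polled ARP data are assumptions constructed for illustration.

```python
import socket
import struct

BOOTP = struct.Struct("!BBBBIHH4s4s4s4s16s64s128s")  # 236-byte fixed header
MAGIC = bytes([99, 130, 83, 99])                      # DHCP magic cookie
IP_OPTS = {1: "subnet_mask", 3: "routers", 6: "dns_servers"}

def parse_dhcp(pkt):
    """Decode client MAC, offered IP, relay address and a few options."""
    if len(pkt) < BOOTP.size + 4 or pkt[BOOTP.size:BOOTP.size + 4] != MAGIC:
        raise ValueError("not a DHCP packet")
    f = BOOTP.unpack_from(pkt)
    hlen, yiaddr, giaddr, chaddr = f[2], f[8], f[10], f[11]
    if hlen > 16:
        raise ValueError("bad hardware address length")
    info = {"mac": chaddr[:hlen].hex(":"),
            "ip": socket.inet_ntoa(yiaddr),
            "relay": socket.inet_ntoa(giaddr)}
    i = BOOTP.size + 4
    while i < len(pkt) and pkt[i] != 255:      # 255 = end option
        if pkt[i] == 0:                        # 0 = pad, no length byte
            i += 1
            continue
        if i + 1 >= len(pkt):
            raise ValueError("truncated option")
        code, length = pkt[i], pkt[i + 1]
        val = pkt[i + 2:i + 2 + length]
        if len(val) != length:
            raise ValueError("truncated option")
        if code in IP_OPTS and length % 4 == 0:
            info[IP_OPTS[code]] = [socket.inet_ntoa(val[j:j + 4])
                                   for j in range(0, length, 4)]
        elif code == 12:                       # host name
            info["hostname"] = val.decode("ascii", "replace")
        i += 2 + length
    return info

def arp_mismatches(leases, arp_table):
    """IPs in a router ARP table with no lease or a MAC unlike the lease."""
    return sorted(ip for ip, mac in arp_table.items()
                  if leases.get(ip) != mac.lower())

def build_reply(mac, ip, relay, opts):
    """Constructed sample DHCP reply (op=2, Ethernet) for the demo/test."""
    hdr = BOOTP.pack(2, 1, 6, 0, 0x1234, 0, 0, bytes(4), socket.inet_aton(ip),
                     bytes(4), socket.inet_aton(relay),
                     bytes.fromhex(mac.replace(":", "")), b"", b"")
    body = b"".join(bytes([c, len(v)]) + v for c, v in opts)
    return hdr + MAGIC + body + b"\xff"
```

Feeding `arp_mismatches` the leases collected from parsed replies and the ARP entries gathered from each segment's router gives the list of addresses in use that DHCP never handed to that MAC.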


