nanog mailing list archives
Re: Secure DHCP?
From: Fletcher E Kittredge <fkittred () gwi net>
Date: Mon, 26 Jul 1999 09:11:22 -0400
After having experienced a rather malicious attack on our corporate network by someone running a rogue DHCP server, I'm wondering if there's any way to prevent this from happening again? The perpetrator basically managed to renumber most of an entire subnet (into an entirely different IP block) of our network, causing a major denail of service. I've read the RFC's and checked all the network reference books I can find, and none of them indicate any way to prevent this from happening again. Am I missing something here, or is it time to start writing RFC's? Thanks in advance.
In a cable modem environment, we make use of packet filtering to prevent any cable modem user from responding to DHCP requests. Customer cable modems can act as a clients for such requests, but not as servers. In other environments, we essentially use the same tactic; we partition the network so that valid servers are on controlled segments, and only allow DHCP servers on those segments. Right now, it seems we have the tools to authenticate and authorize DHCP with current RFCs. I would be very interested in hearing about potential attacks we have missed. regards, fletcher
Current thread:
- Secure DHCP? Nicholas Bastin (Jul 24)
- Re: Secure DHCP? Daniel Senie (Jul 24)
- Re: Secure DHCP? Andrea Di Lecce (Jul 25)
- Re: Secure DHCP? Aaron Hopkins (Jul 24)
- Re: Secure DHCP? Eric Germann (Jul 25)
- Re: Secure DHCP? Alex Bligh (Jul 25)
- Re: Secure DHCP? Fletcher E Kittredge (Jul 26)
- Re: Secure DHCP? Daniel Senie (Jul 26)
- Re: Secure DHCP? Daniel Senie (Jul 24)