PaulDotCom mailing list archives

Re: pixieboot attack


From: Mike Patterson <mike () snowcrash ca>
Date: Mon, 16 Jan 2012 10:10:54 -0500

On 12-01-16 4:38 AM, Robin Wood wrote:
> Has anyone done this? Do organisations use PXE boot on network machines?

I've thought about it, mostly from the "how to prevent it" perspective.
The most feasible answer I came up with is "hope it doesn't happen."

I don't know about other organisations, but some places I've worked use
it. They tend to enable it only for machine installation, and disable it
again afterwards. The one group I was with that made heavy use, we had a
separate VLAN just for this. Enable PXE, change the VLAN, boot /
reinstall, disable PXE, change the VLAN back.

I don't know what might break if you blocked the bits that PXE needs to
properly work on non-"reinstall" networks, but that could be a mitigation.

Mike

-- 
Imagine what medieval peasants would say if you could explain to
them the stuff that people waste most of their time worrying about
these days.  - David Morgan-Mar
_______________________________________________
Pauldotcom mailing list
Pauldotcom () mail pauldotcom com
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com
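
Added example, not part of the original message or of any project's code: a monitoring counterpart to the idea of blocking what PXE needs on non-"reinstall" networks. It parses a captured BOOTP/DHCP reply and reports any network-boot answer (vendor class "PXEClient", or a boot file name) from a host outside an assumed allowlist of install servers. The function names, IP addresses and sample packets are constructed for illustration.

```python
import socket
import struct

MAGIC = b"\x63\x82\x53\x63"  # DHCP magic cookie that follows the 236-byte BOOTP header

def dhcp_options(payload):
    """Parse the DHCP options of a UDP 67/68/4011 payload into {code: value}."""
    opts, i = {}, 240
    if payload[236:240] != MAGIC:
        return opts
    while i < len(payload) and payload[i] != 255:      # 255 = End
        if payload[i] == 0:                            # 0 = Pad, no length byte
            i += 1
            continue
        if i + 1 >= len(payload):
            break                                      # truncated option header
        code, length = payload[i], payload[i + 1]
        opts[code] = payload[i + 2:i + 2 + length]
        i += 2 + length
    return opts

def unexpected_pxe_reply(payload, src_ip, install_servers):
    """Return a finding for a network-boot reply from a host outside install_servers."""
    if len(payload) < 240 or payload[0] != 2:          # op 2 = BOOTREPLY
        return None
    opts = dhcp_options(payload)
    # Boot file comes from option 67 or the fixed 'file' field (bytes 108-235).
    bootfile = opts.get(67, b"") or payload[108:236].split(b"\0", 1)[0]
    is_pxe = opts.get(60, b"").startswith(b"PXEClient")
    if not (bootfile or is_pxe) or src_ip in install_servers:
        return None
    return {"server": src_ip,
            "next_server": socket.inet_ntoa(payload[20:24]),   # siaddr
            "bootfile": bootfile.rstrip(b"\0").decode("ascii", "replace")}

def build_reply(siaddr, options, bootfile=b""):
    """Build a constructed sample BOOTREPLY for exercising the check offline."""
    header = struct.pack("!BBBBIHH4s4s4s4s16s64s128s", 2, 1, 6, 0, 0x1234, 0, 0,
                         bytes(4), socket.inet_aton("10.0.5.50"),
                         socket.inet_aton(siaddr), bytes(4), bytes(16), b"", bootfile)
    body = b"".join(bytes([code, len(val)]) + val for code, val in options)
    return header + MAGIC + body + b"\xff"

if __name__ == "__main__":
    INSTALL = {"10.0.9.10"}                            # assumed provisioning server
    pkt = build_reply("10.0.5.66", [(53, b"\x02"), (60, b"PXEClient"), (67, b"pxelinux.0")])
    print(unexpected_pxe_reply(pkt, "10.0.5.66", INSTALL))
```

An ordinary DHCP offer with no boot file and no PXE vendor class produces no finding, so the check stays quiet on networks where only address assignment happens.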

