|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
Re: BOOTP/DHCP security
Valdis.Kletnieks
vt.eduThu, 28 Nov 1996 04:09:57 -0500
- Messages sorted by: [ date ][ thread ][ subject ][ author ]
- Next message: Yuri Volobuev: "Irix: more suid fun/exploits"
- Previous message: Alan Cox: "Re: Digital FW2.0 question"
- In reply to: Benedikt Stockebrand: "Re: BOOTP/DHCP security"
- Next in thread: Alan Cox: "Re: BOOTP/DHCP security"
On Wed, 27 Nov 1996 21:37:58 +0100, you said:
> (1) Make this machine check for bogus MACs in its ARP cache mapped to
> the servers IP address. This forces the attacker to use a network
> card with a configurable MAC and usually stops attacks from machines
> belonging to the network (unless you've got this kind of card
> installed).
Umm.. are there cards that DONT support changing the MAC address?
I know that any card that did older Decnet releases *had* to be
able to do this.
For another good giggle, find a manager who's just learned about
the fact that packet sniffers exist, and point out to him that
the Ethernet spec *requires* support for promiscuous mode.
Watch him shriek "AAAARRGGGGHH!!!!" and call for the return
of IBM3270s hanging off coax. Ever tried to install a sniffer
on an IBM bus/tag pair? Kind of hard to do without the operator
noticing... ;)
Valdis Kletnieks
Computer Systems Engineer
Virginia Tech
- Next message: Yuri Volobuev: "Irix: more suid fun/exploits"
- Previous message: Alan Cox: "Re: Digital FW2.0 question"
- In reply to: Benedikt Stockebrand: "Re: BOOTP/DHCP security"
- Next in thread: Alan Cox: "Re: BOOTP/DHCP security"