Subject: Re: [fw-wiz] ipchains cannot block dhcp
From: Jan Stifter (j.stiftermedres.ch)
Date: Mon May 22 2000 - 07:12:23 CDT


On Sat, 20 May 2000 12:17:08 +1000 (EST), Darren Reed
<darrenrreed.wattle.id.au> wrote:

>> In filtering packets by ipchains (LINUX),
>> dhcpd worked regularly even if all packets were blocked.
>
>Typically the DHCP packages (including the one used by BSDs)
>"sniff" the DHCP packets off the network rather than receive
>them through TCP/IP using whichever interface is relevant.
>Given the nature of this beast, it is quite possible they
>are using similar "tricks" to send back DHCP replies. In both
>cases, the flow of packets bypasses the path in which filtering
>of IP packets is done.
>

I am wondering if this could not be used by an attacker to break
dhcpd, or to change IPs from inside the DMZ to listen to IPs from
outside the DMZ, just because they get other IPs?

And if this is really true, there might be other software that bypasses
the ipchains filter to "sniff" the network. How is that possible?

jan
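
Added example, not part of the original message: one way to audit a Linux host for the kind of software asked about above, assuming the "sniffing" is done through link-layer packet sockets, which the kernel lists in /proc/net/packet. The sample table, the function names and the inode values are constructed for illustration.

```python
import glob
import os

SOCK_TYPES = {2: "SOCK_DGRAM", 3: "SOCK_RAW", 10: "SOCK_PACKET"}
ETH_P_ALL = 0x0003   # socket is handed every frame, whatever the protocol
ETH_P_IP = 0x0800    # socket is handed IPv4 frames (DHCP included)

# Constructed sample in the /proc/net/packet column layout (not captured data).
SAMPLE = """\
sk               RefCnt Type Proto  Iface R Rmem   User   Inode
ffff8880a1b2c000 3      3    0003   2     1 0      0      18234
ffff8880a1b2d800 3      2    0800   3     1 0      101    19977
ffff8880a1b2e000 3      3    88cc   2     1 0      0      20411
"""

def parse_packet_sockets(text):
    """Return one dict per packet socket listed in /proc/net/packet text."""
    rows = []
    for line in text.splitlines()[1:]:          # first line is the header
        f = line.split()
        if len(f) < 9:
            continue                            # blank or truncated line
        rows.append({"type": SOCK_TYPES.get(int(f[2]), f[2]),
                     "proto": int(f[3], 16),    # EtherType, printed in hex
                     "ifindex": int(f[4]), "uid": int(f[7]),
                     "inode": int(f[8])})
    return rows

def audit(text):
    """Sockets that receive IP traffic at the link layer, outside IP filtering."""
    return [s for s in parse_packet_sockets(text)
            if s["proto"] in (ETH_P_ALL, ETH_P_IP)]

def owner_pids(inode):
    """PIDs holding the socket, found via the socket:[inode] links in /proc."""
    pids = set()
    for fd in glob.glob("/proc/[0-9]*/fd/*"):
        try:
            if os.readlink(fd) == f"socket:[{inode}]":
                pids.add(int(fd.split("/")[2]))
        except OSError:
            continue                            # process exited or no permission
    return sorted(pids)

if __name__ == "__main__":
    try:
        with open("/proc/net/packet") as fh:
            table = fh.read()
    except OSError:
        table = SAMPLE                          # fall back to constructed sample
    for s in audit(table):
        print(s["type"], hex(s["proto"]), "ifindex", s["ifindex"],
              "uid", s["uid"], "pids", owner_pids(s["inode"]))
```

Run it as root so the fd links of other users' processes are readable; an unexpected process in the output is one whose traffic the packet filter rules do not govern.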