|
North American Network Operators Group Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical Re: Secure DHCP?
-----BEGIN PGP SIGNED MESSAGE-----
> After having experienced a rather malicious attack on our corporate network by
> someone running a rogue DHCP server, I'm wondering if there's any way to
> prevent this from happening again?
Ask your ethernet switch/bridge or cablemodem vendor for a method of
disabling non-ARP broadcasts from being received by client machines. You
can then trust your switches to direct such requests only to anything you
let receive broadcasts, which should only be trusted servers.
Cisco's IRB bridging has "subscriber-policy" which roughly approximates this
that I use for our DSL customers. I believe their higher-end switches can
take layer-2 access-lists, which could be made to work similarly.
Any protocol that relies on trusting the first server to reply to a
broadcast is similiarly vulnerable. I'm not sure theres a way to secure the
protocol itself if the client has zero knowledge of the network its on when
it starts up, which is the point of DHCP.
Note that disabling broadcasts may adversely affect some already-broken
protocols, such as WINS or SMB. This might only prevent shares off of
"client" machines from showing up in others' Network Neighborhood, but I
can't say that I've tested it.
Aaron Hopkins
[email protected]
Chief Technical Officer, Cyberverse Inc.
-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
iQCVAwUBN5qJmUfJWHAEvsjBAQHa/QP/TnuMtu17O2wn5F15fFITHdCUDOCLUqy1
4QyfzRLdyeNFQA5o5bSoPirP3DjgPb2s5l/0IgQjJDPPMehCnFNCQ7sFq/A3/+3I
3e7XsxASmHXDsxbQP490oPbKkfMEvtAXH9pYolwnfmuhxn/VPYXqOg4A1GomukBp
PQlYBTOnSL0=
=77jy
-----END PGP SIGNATURE-----
|