Subject: Re: dhcpd(8) _cannot_ be completely disabled on an interface
To: Dennis Ferguson <dennis@juniper.net>
From: Andrew Brown <atatat@atatdot.net>
List: tech-security
Date: 01/07/2002 19:06:12

>> it looks to me like that'll tell me on which interface i received the
>> given packet, and my hardware address on that interface as well,
>> though not necessarily the hardware address the packet came to me
>> from.
>
>It doesn't matter. The client is required to put its MAC address in
>the dhcp packet payload so it is always available there.

certainly, but i've often found it more informative to look at the
ethernet header itself to find out exactly where packets are coming
from.

>> and...if the address isn't on the local network, then adding an arp
>> entry will fail, no?
>
>Which address? If we're talking about the IP address, then you're the
>server which assigned the address and something is broken if the address
>you assigned isn't on the interface's subnet. If we're talking about the
>MAC address, however, then ARP doesn't care what it is and won't fail
>to add an ARP entry because of it.

i was merely expecting that i'd be allowed to give out addresses from
another logical network on the same physical network...hmm...yeah.
that didn't work. i wonder...

>...
>I don't see any problem which is fixed by looking at the source address
>in the ethernet header. The protocol certainly doesn't require it, in
>fact it seems to require that you don't do this.

that means i should probably just be quiet and go away, then. thanks.

--
|-----< "CODE WARRIOR" >-----|
codewarrior@daemon.org * "ah! i see you have the internet
twofsonet@graffiti.com (Andrew Brown) that goes *ping*!"
andrew@crossbar.com * "information is power -- share the wealth."
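
The two hardware addresses discussed in this message, pulled out of one raw frame: the Ethernet source address and the client hardware address (chaddr) carried in the DHCP payload. This is an added example, not code from the thread or from dhcpd; the function names and the sample MAC addresses are constructed for illustration.

```python
import struct

def mac(b):
    return ":".join(f"{x:02x}" for x in b)

def dhcp_hw_addrs(frame):
    """Return (Ethernet source, BOOTP chaddr) from a raw Ethernet frame."""
    if len(frame) < 14 + 20:
        raise ValueError("frame too short")
    _dst, src, ethertype = struct.unpack("!6s6sH", frame[:14])
    ip = frame[14:]
    ihl = (ip[0] & 0x0F) * 4              # IPv4 header length in bytes
    if ethertype != 0x0800 or ihl < 20 or ip[9] != 17:
        raise ValueError("not IPv4/UDP")
    udp = ip[ihl:]
    if len(udp) < 8 + 236:                # UDP header + fixed BOOTP fields
        raise ValueError("too short for a BOOTP message")
    if struct.unpack("!H", udp[2:4])[0] != 67:
        raise ValueError("not addressed to the DHCP server port")
    bootp = udp[8:]
    hlen = bootp[2]
    if bootp[1] != 1 or hlen != 6:        # htype 1 = Ethernet, 6-byte address
        raise ValueError("not an Ethernet hardware address")
    return mac(src), mac(bootp[28:28 + hlen])   # chaddr starts at offset 28

def build_frame(eth_src, chaddr):
    """Constructed sample: BOOTREQUEST in UDP/IPv4/Ethernet, checksums left zero."""
    bootp = struct.pack("!BBBBIHH4s4s4s4s16s", 1, 1, 6, 0, 0x1234, 0, 0x8000,
                        bytes(4), bytes(4), bytes(4), bytes(4), chaddr) + bytes(192)
    udp = struct.pack("!HHHH", 68, 67, 8 + len(bootp), 0) + bootp
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 0, 0, 64, 17, 0,
                     bytes(4), b"\xff" * 4) + udp
    return b"\xff" * 6 + eth_src + b"\x08\x00" + ip

CLIENT = bytes.fromhex("020000aabb01")    # constructed client address
OTHER = bytes.fromhex("020000ccdd02")     # constructed: some other sender on the wire

def describe(frame):
    src, chaddr = dhcp_hw_addrs(frame)
    return {"eth_src": src, "chaddr": chaddr, "match": src == chaddr}

if __name__ == "__main__":
    print(describe(build_frame(CLIENT, CLIENT)))   # header and payload agree
    print(describe(build_frame(OTHER, CLIENT)))    # header differs from payload
```

A mismatch between the two values is useful as a logging signal about where a packet came from, while chaddr remains the address the protocol works with.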