
Re: [cobalt-security] newbie question about dhcp/bootp server..



> Date: Thu, 11 Apr 2002 14:48:58 -0400
> From: Bryan Housel <bryan@xxxxxxxxxxxxxxx>

> I got a call from my ISP complaining that my raq3 is running a
> dhcp server which is interfering with their network, and they
> want me to disable it.. 

Tell them to fix their network.


> 1. Is this normal

If you don't need it, you shouldn't run it.


> 2. could it cause problems with other machines on their network

On a broken network.

Here's the deal.  DHCP broadcasts on the local ethernet segment.
If your RaQ is on the same segment, run away screaming... as I
have posted several times, and will do so on a separate line in
all caps:

	NETWORKS SHOULD BE SEGMENTED INTO VLANS

If not, people can sniff traffic, steal IP addresses, et cetera.
Networks that can't handle broken customer configs are BROKEN.

If they do have you in a VLAN, then why are they forwarding
UDP/67 and UDP/68 between networks??


> 3. if so, how do i turn it off?

What do you have in

	/etc/rc.d/init.d

that looks like "dhcp", "dhcpd", or "isc"?  I presume that's
where it's being enabled, but I hate to assume.

Quick fix is

	killall -9 dhcpd

but you probably don't want it popping up whenever you reboot.
And, again, demand a private ethernet segment.


--
Eddy

Brotsman & Dreger, Inc. - EverQuick Internet Division
Phone: +1 (316) 794-8922 Wichita/(Inter)national
Phone: +1 (785) 865-5885 Lawrence

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Date: Mon, 21 May 2001 11:23:58 +0000 (GMT)
From: A Trap <blacklist@xxxxxxxxx>
To: blacklist@xxxxxxxxx
Subject: Please ignore this portion of my mail signature.

These last few lines are a trap for address-harvesting spambots.
Do NOT send mail to <blacklist@xxxxxxxxx>, or you are likely to
be blocked.
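
Added example, not part of the original message: a read-only check for the question raised in the reply, namely which init script is enabling the DHCP server and whether it will come back after a reboot. It assumes a SysV-style layout with rcN.d runlevel directories next to /etc/rc.d/init.d (only the init.d path appears in the message); the function names and the sample tree are constructed for illustration.

```shell
#!/bin/sh
# find_dhcp_boot_links ROOT
# Prints every script in ROOT/etc/rc.d/init.d whose name looks like
# "dhcp", "dhcpd" or "isc", followed by the S* start links in the
# rcN.d runlevel directories that launch it at boot. Read-only.
# The name match is loose on purpose; review each hit by hand.
find_dhcp_boot_links() {
    root=${1:-}
    initdir="$root/etc/rc.d/init.d"
    [ -d "$initdir" ] || return 1
    for script in "$initdir"/*; do
        [ -f "$script" ] || continue
        name=${script##*/}
        case "$name" in
            *dhcp*|*isc*) ;;
            *) continue ;;
        esac
        echo "script $name"
        for link in "$root"/etc/rc.d/rc[0-9].d/S[0-9][0-9]"$name"; do
            # Skip the unexpanded glob, keep dangling symlinks.
            [ -e "$link" ] || [ -L "$link" ] || continue
            rl=${link%/*}; rl=${rl##*/rc}; rl=${rl%.d}
            echo "start runlevel=$rl link=${link##*/}"
        done
    done
    return 0
}

# Constructed sample tree: dhcpd is started in runlevels 3 and 5 and
# only killed (K link) in runlevel 0; httpd is unrelated.
make_sample_tree() {
    t=$(mktemp -d) || return 1
    for d in init.d rc0.d rc3.d rc5.d; do mkdir -p "$t/etc/rc.d/$d"; done
    : > "$t/etc/rc.d/init.d/dhcpd"
    : > "$t/etc/rc.d/init.d/httpd"
    ln -s ../init.d/dhcpd "$t/etc/rc.d/rc0.d/K35dhcpd"
    ln -s ../init.d/dhcpd "$t/etc/rc.d/rc3.d/S65dhcpd"
    ln -s ../init.d/dhcpd "$t/etc/rc.d/rc5.d/S65dhcpd"
    echo "$t"
}

# Demo on the sample tree; on a real host call: find_dhcp_boot_links ""
sample=$(make_sample_tree)
find_dhcp_boot_links "$sample"
rm -rf "$sample"
```

Any "start" line in the output means killing the daemon is only temporary: the service comes back at the next boot into that runlevel until the S link is removed.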