Date:      Wed, 25 Apr 2001 18:54:55 +0000
From:      Gunther Schadow <gunther@aurora.regenstrief.org>
To:        freebsd-net@freebsd.org, freebsd-small@freebsd.org
Subject:   DHCP vulnerabilities ...
Message-ID:  <3AE71D7F.14ECB429@aurora.regenstrief.org>

Hi,

I'm just about configuring a PicoBSD-based VPN gateway settop 
box kind of thing :-). I am dealing with cable modem ISPs and
decided to do it the right way, i.e. DHCP. I discovered some 
problems with DHCP during the setup phase, where the machine
is in a weird state, the firewall may not be configured right
and neither are the IPsec policies. During that short time
frame after DHCP has assigned a new address and the completion
of the IPsec ipf stuff called from /etc/dhclient-exit-hooks
the interface is up and may be unprotected. It would be nice
if there was a way to keep the re-configured interface down
and only bring it up after all is well in /etc/dhclient-exit-hooks.
Sure, I can (and will) do that in my dhclient-script ("ifconfig if0 down",
"ifconfig if0 up"), but just wanted folks to know about this.

regards
-Gunther


-- 
Gunther Schadow, M.D., Ph.D.                    gschadow@regenstrief.org
Medical Information Scientist      Regenstrief Institute for Health Care
Adjunct Assistent Professor        Indiana University School of Medicine
tel:1(317)630-7960                         http://aurora.regenstrief.org
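
The down / load policy / up sequence described in the message above, sketched as an added example (not code from the original post or from dhclient). `$reason` and `$interface` are set by dhclient-script when it sources the hook; the rule-file paths, the `secure_bringup` name and the `RUN` dry-run variable are assumptions.

```shell
# Sketch of /etc/dhclient-exit-hooks (sourced by dhclient-script).
IPF_RULES="${IPF_RULES:-/etc/ipf.rules}"      # assumed path
IPSEC_CONF="${IPSEC_CONF:-/etc/ipsec.conf}"   # assumed path
RUN="${RUN:-}"                                # set RUN=echo for a dry run

# Hold the interface down, load the packet filter and IPsec policy, and
# bring it up again only if both loads succeeded (fail closed otherwise).
secure_bringup() {
    ifc="$1"
    $RUN ifconfig "$ifc" down || return 1
    if $RUN ipf -Fa -f "$IPF_RULES" && $RUN setkey -f "$IPSEC_CONF"; then
        $RUN ifconfig "$ifc" up
    else
        $RUN logger -t dhclient-exit-hooks "policy load failed, $ifc left down"
        return 1
    fi
}

# Act only when a lease was just obtained or refreshed.
case "${reason:-}" in
    BOUND|RENEW|REBIND|REBOOT) secure_bringup "$interface" ;;
esac
```

The exit hook runs after dhclient-script has already put the new address on the interface, so this narrows the exposed window rather than removing it.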
