Date: Tue, 20 Apr 1999 14:28:38 -0600
From: Wes Peters
Organization: Softweyr LLC
To: David Gilbert
Cc: cjclark@home.com, Harry_M_Leitzell@cmu.edu, fred@fredbox.com, security@FreeBSD.ORG
Subject: Re: DHCP (was Re: poink attack (was Re: ARP problem in Windows9X/NT))

David Gilbert wrote:
>
> >>>>> "Crist" == Crist J Clark writes:
>
> Crist> OK, I'll bite.
>
> Crist> What happens when someone who is not supposed to connects to a
> Crist> DHCP served network?  (Besides that they are connected to the
> Crist> network and are not supposed to be.)  -- Crist J. Clark
> Crist> cjclark@home.com
>
> It just lowers the bar.  To attach oneself usefully to a foreign IP
> network requires some experimentation and/or packet sniffing.  On a
> DHCP network, it's just plug and pray.
> I suppose it's the difference
> between running Linux which every script kiddie plays with vs. running
> FreeBSD (little harder) or HpUX (reasonably obscure).
>
> I'm certainly not one to believe in security by obscurity --- not at
> least against a knowledgeable attacker.  However, there is a
> correlation between the number of breakins on hosts we (Velocet)
> monitor and that host's representative population.
>
> DG/UX is likely holey as Swiss cheese, but rootshell doesn't have a
> 'sploit for it.
>
> Back to the original issue: Joe _average_ salesman is sitting in the
> boardroom... which has a network jack.  He's left alone for 30 minutes
> for one reason or another.  He plugs in.  Without _any_ knowledge,
> he's up and running.  Of course, if Joe were a hacker worth his salt,
> this wouldn't be a barrier --- but the likelihood of Joe being a
> hacker is small.
>
> I think there's a definite range of security issues --- and I think
> it's ridiculous for most companies to take the standard 'stance' that
> they must protect themselves against all perils

As Rob Clyde used to point out, if the security measures put in place
cost more than the potential loss, you've absolutely lost money.  All
"reasonable" security is to implement the most effective, least
expensive security measures and then keep going until your systems
(and networks) are "secure enough."

--
"Where am I, and what am I doing in this handbasket?"

Wes Peters
Softweyr LLC
http://www.softweyr.com/~softweyr
wes@softweyr.com