DHCP code in 2.0.4+

Karl Auer kauer at biplane.com.au
Sun Jun 7 15:44:23 CEST 2009


On Sun, 2009-06-07 at 20:22 +0700, Fajar A. Nugraha wrote:
> Last I checked, ISC's DHCP tries ping first, but newer Windows (with ICMP
> echo disabled by default) makes it somewhat less useful.

No server can detect a "rogue" that is switched off. If it's switched
on, your other clients *should* issue DHCPDECLINE responses if they
detect the rogue in their subnets. However, it's not exactly reliable.
It is more reliable with DHCPv6, because duplicate address detection is
a standardised part of the address configuration process.

DHCP is not a security tool. It never was and never will be. You have to
look beyond DHCP for that.

Regards, K.

-- 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Karl Auer (kauer at biplane.com.au)                   +61-2-64957160 (h)
http://www.biplane.com.au/~kauer/                  +61-428-957160 (mob)

GPG fingerprint: 07F3 1DF9 9D45 8BCD 7DD5 00CE 4A44 6A03 F43A 7DEF