[Tfug] Static/Dynamic (IP,name) bindings
Bexley Hall
bexley401 at yahoo.com
Thu Sep 13 11:11:54 MST 2012
Hi Tyler,
--- On Thu, 9/13/12, Tyler Kilian <vaca at grazeland.com> wrote:
> Some switches have security features
> such as DHCP Snooping, that can help mitigate the threat of
> rogue DHCP servers. Some common sense
> network segmentation can also help mitigate the issue by
> reducing the scope of issue. The overall
> point being that there are some ways to protect yourself.
Yes, but that would only be common in enterprise scenarios.
I suspect you won't find any SOHO kit with those features!
You wouldn't want to run the risk of someone (friend/foe)
surreptitiously installing a new image in your HVAC controller
just by plugging in a rogue host that tricks the controller
into accepting a new image from *it* instead of the *real*
image server...
It seems that the only "safe" way of doing this is to use
a more secure protocol.
I'll have to keep thinking about how to *detect* this sort
of situation (as a prophylactic measure).
Thanks!
--don
More information about the tfug
mailing list