Mailinglist Archive: opensuse-security (685 mails)

[Michael Appeldorn <appeldorn@xxxxxxxxx>]

>Betcha dollars to donuts you got a rogue dhcp server In-house.
>Unless you hung a machine on the 
>wrong side of the firewall its most probable that it is infact
>comeing from your network.
>
>Ports? We don't need no stinkin ports...

Some ports seems to stink (ok - higher ip rev)

cat /etc/services | grep -i dhcp

??

/sbin/SuSEfirewall2

snip
------
######################
# Allow DHCP replies #
######################
test "$FW_SERVICE_DHCLIENT" = yes && {
    $LAA $IPTABLES -A INPUT -j LOG ${LOG}-ACCEPT -p udp --sport 67 -d 255.255.2
    $IPTABLES -A INPUT -j "$ACCEPT"  -m state --state ESTABLISHED -p udp --spor
}
test "$FW_SERVICE_DHCPD" = yes && {
    $LAA $IPTABLES -A INPUT -j LOG ${LOG}-ACCEPT -p udp --sport 68 -d 255.255.2
    $IPTABLES -A INPUT -j "$ACCEPT"  -m state --state NEW,ESTABLISHED -p udp --
}
-----
snap

shows that udp-ports 67/68 are involved.

Pleaze enlight us ! They smell !

:O)_

Michael Appeldorn

PS: Me german (as you can read) - so what means : Betcha dollars to donuts ?