Mailinglist Archive: opensuse-security (685 mails)

< Previous Next >
Re: [suse-security] dhcp
>Betcha dollars to donuts you got a rogue dhcp server In-house.
>Unless you hung a machine on the
>wrong side of the firewall its most probable that it is infact
>comeing from your network.
>
>Ports? We don't need no stinkin ports...

Some ports seems to stink (ok - higher ip rev)

cat /etc/services | grep -i dhcp

??

/sbin/SuSEfirewall2

snip
------
######################
# Allow DHCP replies #
######################
test "$FW_SERVICE_DHCLIENT" = yes && {
$LAA $IPTABLES -A INPUT -j LOG ${LOG}-ACCEPT -p udp --sport 67 -d 255.255.2
$IPTABLES -A INPUT -j "$ACCEPT" -m state --state ESTABLISHED -p udp --spor
}
test "$FW_SERVICE_DHCPD" = yes && {
$LAA $IPTABLES -A INPUT -j LOG ${LOG}-ACCEPT -p udp --sport 68 -d 255.255.2
$IPTABLES -A INPUT -j "$ACCEPT" -m state --state NEW,ESTABLISHED -p udp --
}
-----
snap

shows that udp-ports 67/68 are involved.

Pleaze enlight us ! They smell !

:O)_

Michael Appeldorn

PS: Me german (as you can read) - so what means : Betcha dollars to donuts ?



< Previous Next >
References