DHCP Client DoS

[Ian Watkinson]

Hi all,

We've recently found a problem with dhclient that can DoS a DHCP
server. If you have schg flags set on /etc/resolv.conf to stop dhcp
overwriting your existing nameservers, the problem occurs.

Basically, the client just keeps rejecting the IP details it has
received from the server and requesting another. The server marks the
record as used, and moves onto the next one. Over the course of a couple
of minutes, you can pretty much mark an entire class C as in use. 

If you remove the schg flag from resolv.conf, this problem does not
happen. 

This has been tested from a FreeBSD 5 client against a Windows NT server
and a FreeBSD 4.7 server with the same results. 

-- 
Ian Watkinson

To Unsubscribe: send mail to [EMAIL PROTECTED]
with unsubscribe freebsd-hackers in the body of the message

Re: solaris firewall?

[Ian Watkinson]

On Fri, 2003-01-10 at 07:41, Shawn Henderson wrote:
 how well of a firwall can be created with Solaris 8
 I am playing with a couple different *nix flavors and wanted to test out
 setting up a Solaris firewall
 is it possible and how would I do it..any Ideas.
 

1/ This is nothing to do with FreeBSD, so why are you posting to so many
FreeBSD lists? Unix != FreeBSD != Solaris.

2/ There are two forms of Sun Firewall, from Sun. Sunscreen and Suncreen
lite. Neither are great unless you have access to Sun's course notes for
the software.

3/ If you want to compare Unix Firewalls, then try something like Ipcop
as a starter, then replicate what it does, with freensd, then see how
many of those packages then will work on solaris.


-- 

Ian Watkinson


To Unsubscribe: send mail to [EMAIL PROTECTED]
with unsubscribe freebsd-hackers in the body of the message