On Saturday, July 11, 2015 8:50 AM, joel jaeggli wrote > ... > [5] Section 5: > > Fake > DHCP servers / fake RAs are currently a security concern - this > doesn't make them any better or worse. > > Please cite a reference for this, preferably with operational > recommendations on limiting these problems (e.g., ensure that DHCP and > RA traffic cannot be injected from outside/beyond the network that is relevant to the portal). There is definitely an attack vector there. Suppose an attacker can monitor the traffic, say on an unencrypted Wi-Fi hot spot. The attacker can see a DHCP request or INFORM, and race in a fake response with an URL of their own choosing. The mark's computer automatically connects there, and download some zero-day attack. Bingo! -- Christian Huitema