On Sun, May 04, 2003 at 02:10:24AM +0200, Cedric Blancher wrote: > DHCP is a very weak system from security point of vue, that can easily > lead to DoS and traffic redirection. When you have few hundreths servers, there is no better way to assign/change IPs. And even without DHCP, there are a lot of ways for traffic redirection (ARP poisoning and so on). > A customer server compromise could be a serious threat for other servers... When server is not managed, or when attacker is inside of hosting segment - perhaps. But when attacker is outside - there is no way to compromise the host through DHCP. If it is compromised by other means - DHCP is not the cause, so? :) Even MAC filtering is weak - modern NICs may have any MAC, it is configurable. No system is secure - unless it is plugged off and burned out. And even then... but this is another story :) Regards, /Al
