Re: No internet connection

Nick Drage wrote:
> Not wishing to be paranoid, buuuuuuuuutttttttt..... couldn't you
> usefully restrict those by source and destination IP?

Probably, but... You usually don't know the IP address of the DHCP server in advance (the ISP can change it without prior notice, which will happen each time they deem it is time to reorganize their network). You don't know what your address will be before it is assigned to you.


Theoretically, you could modify dhcpclient so that it opens up the firewall to be more permissive for those two ports when initially getting an IP address, and then makes it more strict when both the local and the DHCP server's addresses are known (and makes it more permissive again if the DHCP server goes south, so that a new one can be discovered).

Theoretically, your ISP (I guess it's cable, if using DHCP) should have been protecting you anyhow. Otherwise, any wise ass with a Windblows or Linux box could screw up the entire cable segment. It would be the last thing he would do (since it would be trivial to pinpoint him). But it might be considered a fun last thing by the aforementioned wise ass.

On the other hand, you should also assume the ISP is brain dead and has everything misconfigured (or in the better case, not configured at all ;-)

--
Aleksandar Milivojevic <amilivojevic@xxxxxx>    Pollard Banknote Limited
Systems Administrator                           1499 Buffalo Place
Tel: (204) 474-2323 ext 276                     Winnipeg, MB  R3T 1L7
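
The approach described in the message above (permissive while acquiring a lease, strict once both addresses are known, permissive again when the lease is lost), as an added example that is not part of the original post. It assumes ISC dhclient's hook variables (`reason`, `interface`, `new_ip_address`, `new_dhcp_server_identifier`) and UDP ports 67/68 for "those two ports"; the chain name `DHCP_IN` and the `DHCP_FW_APPLY` switch are hypothetical.

```shell
#!/bin/sh
# Added example, not from the original post. DHCP_IN is a hypothetical chain that
# INPUT is assumed to jump to; 67/68 are the DHCP server/client UDP ports.
DHCP_CHAIN="DHCP_IN"

# Accept only a dotted quad, so hook variables cannot smuggle in extra arguments.
is_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ -n "$octet" ] && [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# Usage: dhcp_fw_rules STATE IFACE [CLIENT_IP SERVER_IP]. Prints commands only.
dhcp_fw_rules() {
    state=${1:-} iface=${2:-} client=${3:-} server=${4:-}
    case "$iface" in
        ''|*[!A-Za-z0-9._-]*) return 1 ;;
    esac
    echo "iptables -F $DHCP_CHAIN"
    case "$state" in
        BOUND|RENEW|REBIND|REBOOT)
            if is_ipv4 "$client" && is_ipv4 "$server"; then
                # Both ends known: only this server may answer this address.
                echo "iptables -A $DHCP_CHAIN -i $iface -p udp -s $server --sport 67 -d $client --dport 68 -j ACCEPT"
                echo "iptables -A $DHCP_CHAIN -i $iface -p udp --dport 68 -j DROP"
                return 0
            fi ;;
    esac
    # PREINIT, EXPIRE, FAIL, TIMEOUT, or unusable addresses: nothing to pin to,
    # so accept replies from any server until the next successful bind.
    echo "iptables -A $DHCP_CHAIN -i $iface -p udp --sport 67 --dport 68 -j ACCEPT"
}

# Sourced as a dhclient exit hook, dhclient-script has already set these variables.
# DHCP_FW_APPLY is a hypothetical opt-in switch; without it nothing is executed.
if [ -n "${reason:-}" ] && [ "${DHCP_FW_APPLY:-0}" = 1 ]; then
    dhcp_fw_rules "$reason" "$interface" "${new_ip_address:-}" \
        "${new_dhcp_server_identifier:-}" | sh
fi
```

Run `dhcp_fw_rules BOUND eth0 192.0.2.10 192.0.2.1` by hand to inspect the generated rules before letting the hook apply them.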

