Subject: Re: dhcpd(8) _cannot_ be completely disabled on an interface
To: Andrew Brown <>
From: Steven M. Bellovin <>
List: tech-net
Date: 01/07/2002 19:27:47
In message <>, Andrew Brown writes:
>>> >It doesn't matter.  The client is required to put its MAC address in
>>> >the dhcp packet payload so it is always available there.
>>> certainly, but i've often found it more informative to look at the
>>> ethernet header itself to find out exactly where packets are coming
>>> from.
>>Since an dhcp can come from a relay agent, the mac address itself
>>isn't interesting.
>i was considering that, and thinking that the response from the server
>should be sent back to the relay instead of to the hardware address as
>specified in the dhcp message itself...

Not just "should" -- must.  If there's a relay agent, the server and 
client are probably on different networks; sending to the hardware 
address of the client won't work.  This is discussed in 2131.

		--Steve Bellovin,
		Full text of "Firewalls" book now at