Subject: Re: dhcpd(8) _cannot_ be completely disabled on an interface
To: Mipam <mipam@ibb.net>
From: Jim Wise <jwise@draga.com>
List: tech-security
Date: 01/06/2002 15:07:35
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Yes, a good diagnosis.  In fact, I said this in the original post.  :-)

On Sun, 6 Jan 2002, Mipam wrote:

>[SNIP]
>
>> from nmap from an outside host:
>> ...
>> 68/udp     open        bootpc
>> ...
>
>This is because dhcp listens on bpf which is before ipf (seen from
>outside). So requests and answers won't go through the in-kernel
>ip stack and so also not through ipf which listens in front of the ip stack.
>Bye,
>
>Mipam.
>

- -- 
				Jim Wise
				jwise@draga.com
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (NetBSD)
Comment: For info see http://www.gnupg.org

iD8DBQE8OK6PN71lEcOYcw4RAlbuAJ4nw4XTOe53iIj5FkGKiE+1EMu/8gCfcWaQ
fkzYri4KU3aJmBE1pdwp93k=
=k+2z
-----END PGP SIGNATURE-----