tech-security: Re: dhcpd(8) _cannot_ be completely disabled on an interface

Subject: Re: dhcpd(8) _cannot_ be completely disabled on an interface
To: der Mouse <mouse@Rodents.Montreal.QC.CA>
From: John Nemeth <jnemeth@victoria.tc.ca>
List: tech-security
Date: 01/09/2002 18:44:59

On Apr 24,  4:11am, der Mouse wrote:
} 
} > and won't it need to use a bpf in order to do so?
} 
} Not necessarily.  It is likely enough to install an ARP entry for the
} MAC address given and the IP address assigned to that client (which can
} be done with a routing socket), and then send the packet as a normal
} UDP packet.

     DHCP uses a four step process.  First, the client broadcasts a
DHCPDISCOVER packet.  Second, all DHCP servers that hear the broadcast
respond with a DHCPOFFER which includes an address (not necessarily the
same one).  Third, the client sends a DHCPREQUEST to the the first
server that had responded asking to use the address given.  Finally,
that server responds with a DHCPACK.  Do you really want the server
installing an ARP entry at the DHCPOFFER stage when the client may or
may not use the offered address?

}-- End of excerpt from der Mouse