Subject: Re: dhcpd(8) _cannot_ be completely disabled on an interface
To: Andrew Brown, Dennis Ferguson <dennis@juniper.net>
From: John Nemeth <jnemeth@victoria.tc.ca>
List: tech-security
Date: 01/09/2002 18:52:40
On May 30, 10:56am, Andrew Brown wrote:
}
} >The way sending the response back is usually accomplished is to manually
} >add an ARP entry for the host at its new address, if the incoming interface
} >was an ethernet, or to configure the arrival interface's destination
} >with the new address if the incoming interface was point-to-point.  Then
} >you can send the response back addressed to the host's new address on
} >a regular UDP socket.  In fact just broadcasting the response back will
} >work as well, too, the client is required to verify that the response is
} >to its own request from the contents of the dhcp packet in any case.
} 
} and...if the address isn't on the local network, then adding an arp
} entry will fail, no?  i ought still to be able to answer such a dhcp

     Why would it?  It just wouldn't do you a lot of good.  UNIX
doesn't prevent you from doing dumb things since that would also
prevent you from doing clever things (in this case, think Mobile IP).

} request, no?  i'm stuck on seeing the possibility of a discrepancy

     Yes.  You need to send the answer to the DHCP relay agent that
forwarded the request to you.

} between the link layer address that the packet comes from and the link
} layer address as embedded in the dhcp packet itself...kinda like the

     This would be the case if a packet was relayed.  The DHCP server would
see the "link layer address that the packet comes from" as being the MAC
address of the relay agent.

}-- End of excerpt from Andrew Brown
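The reply-routing rules discussed above (answer the relay agent when one forwarded the request, otherwise reach the client directly, by broadcast or via a manually added ARP entry), as an added Python example that is not part of the thread or of dhcpd(8). The packet bytes, MAC addresses and 192.0.2.x addresses are constructed for the demo; the destination rules follow RFC 2131 section 4.1.

```python
import ipaddress
import struct

BOOTREQUEST, BROADCAST_FLAG = 1, 0x8000
SERVER_PORT, CLIENT_PORT = 67, 68

def parse_bootp(packet: bytes) -> dict:
    """Parse the fixed 236-byte BOOTP/DHCP header (RFC 2131, section 2) into a dict."""
    if len(packet) < 236:
        raise ValueError("shorter than the 236-byte fixed BOOTP header")
    op, htype, hlen, hops, xid, secs, flags = struct.unpack_from("!BBBBIHH", packet, 0)
    ciaddr, yiaddr, siaddr, giaddr = (
        str(ipaddress.IPv4Address(packet[o:o + 4])) for o in (12, 16, 20, 24))
    return {"op": op, "htype": htype, "hlen": hlen, "hops": hops, "xid": xid,
            "secs": secs, "flags": flags, "ciaddr": ciaddr, "yiaddr": yiaddr,
            "siaddr": siaddr, "giaddr": giaddr,
            "chaddr": packet[28:28 + hlen].hex(":")}  # client hardware address as aa:bb:...

def reply_destination(req: dict, offered: str) -> tuple:
    """Return (who, ip, udp_port) the server must send its reply to (RFC 2131, 4.1)."""
    if req["giaddr"] != "0.0.0.0":
        return ("relay agent", req["giaddr"], SERVER_PORT)  # relayed: answer the relay, not the client
    if req["ciaddr"] != "0.0.0.0":
        return ("client", req["ciaddr"], CLIENT_PORT)  # client already has a usable address
    if req["flags"] & BROADCAST_FLAG:
        return ("broadcast", "255.255.255.255", CLIENT_PORT)
    return ("client via manual ARP entry", offered, CLIENT_PORT)  # the case the thread describes

def link_layer_check(req: dict, frame_src_mac: str) -> str:
    """Compare the frame's source MAC with chaddr; a mismatch is normal only for relayed packets."""
    if frame_src_mac.lower() == req["chaddr"].lower():
        return "direct"
    return "relayed" if req["giaddr"] != "0.0.0.0" else "unexplained mismatch"

def build_request(chaddr: bytes, giaddr: str, flags: int = 0) -> bytes:
    """Build a constructed BOOTREQUEST (no options field) for the demo below."""
    hops = 1 if giaddr != "0.0.0.0" else 0
    hdr = struct.pack("!BBBBIHH", BOOTREQUEST, 1, 6, hops, 0x3903F326, 0, flags)
    hdr += bytes(12) + ipaddress.IPv4Address(giaddr).packed  # ciaddr/yiaddr/siaddr zero, then giaddr
    return hdr + chaddr.ljust(16, b"\0") + bytes(64 + 128)  # chaddr, sname, file

CLIENT_MAC = bytes.fromhex("001122334455")  # constructed client hardware address
RELAY_MAC = "66:77:88:99:aa:bb"  # constructed MAC of the relay agent's interface

if __name__ == "__main__":
    relayed = parse_bootp(build_request(CLIENT_MAC, "192.0.2.1"))
    print(reply_destination(relayed, "192.0.2.50"), link_layer_check(relayed, RELAY_MAC))
```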