* Posts by Gautier

1 publicly visible post • joined 10 Dec 2008

New trojan in mass DNS hijack


DHCP in the switch

One of the easiest solutions that will not require modifications of the DHCP protocol, server and client would be to proxy the DHCP server inside the LAN switch. As the switch will be the first in the chain to receive the DHCP request, it will most probably be the first to reply. Compromising the switch seems more difficult than compromising a PC. The switch may not (or may) act as a DHCP server but will forward the request to a known DHCP server, with the MAC address of the requesting device. I realize that, as there is no authentication mechanism between the requester and the DHCP proxy, there is a theoretical possibility of DHCP hijacking if a rogue DHCP server answers faster than the switch, but it is a very unlikely possibility and a layer 3 switch may even block the DHCP request at its level. Most home routers/switches already integrate a DHCP server and many switches already integrate an endpoint compliance protocol (NAC, NAP or EAD) linked to a policy server: adding a DHCP policy server to these protocols should not be a big deal. As a quick fix, using such a DHCP-secured switch seems an easier solution than DHCPSEC (even if DHCPSEC is where we should go, ultimately). SSL and OpenDNS are clearly not the solutions. It can be a non-obtrusive, optional and transparent implementation by the switch manufacturers.
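Added example (not part of Gautier's post or any switch vendor's code): a toy Python model of the switch-level filtering the post argues for, in the form of DHCP snooping. Server replies (OFFER/ACK) are only accepted on trusted uplink ports, so a rogue server on an access port cannot win the race described above, and client messages whose DHCP chaddr does not match the Ethernet source address are dropped. Port names, MAC and IP values are constructed.

```python
from dataclasses import dataclass, field

# DHCP message types (option 53, RFC 2132)
DISCOVER, OFFER, REQUEST, ACK = 1, 2, 3, 5

@dataclass
class Frame:
    port: str          # switch port the frame arrived on
    src_mac: str       # Ethernet source address
    msg_type: int      # DHCP option 53
    chaddr: str        # client hardware address in the DHCP header
    yiaddr: str = ""   # address offered/assigned (server messages only)

@dataclass
class SnoopingSwitch:
    """Toy DHCP-snooping filter: only trusted (uplink) ports may carry replies."""
    trusted_ports: set
    bindings: dict = field(default_factory=dict)   # chaddr -> leased ip
    dropped: list = field(default_factory=list)    # (reason, port, src_mac)

    def handle(self, f: Frame) -> bool:
        """Return True if the frame is forwarded, False if it is dropped."""
        if f.msg_type in (OFFER, ACK):
            if f.port not in self.trusted_ports:
                # Server reply from an access port: rogue server, never reaches the client.
                self.dropped.append(("rogue-server", f.port, f.src_mac))
                return False
            if f.msg_type == ACK:
                self.bindings[f.chaddr] = f.yiaddr
            return True
        # Client message: DHCP chaddr must match the Ethernet source address.
        if f.chaddr != f.src_mac:
            self.dropped.append(("mac-mismatch", f.port, f.src_mac))
            return False
        return True

def demo():
    """Constructed exchange: one honest client, the real server and a rogue."""
    sw = SnoopingSwitch(trusted_ports={"uplink0"})
    client, server, rogue = "aa:aa:aa:00:00:01", "cc:cc:cc:00:00:01", "ee:ee:ee:00:00:99"
    forwarded = [
        sw.handle(Frame("port3", client, DISCOVER, client)),
        sw.handle(Frame("port7", rogue, OFFER, client, "10.0.0.50")),   # rogue offer
        sw.handle(Frame("uplink0", server, OFFER, client, "10.0.0.20")),
        sw.handle(Frame("port3", client, REQUEST, client)),
        sw.handle(Frame("uplink0", server, ACK, client, "10.0.0.20")),
        sw.handle(Frame("port7", rogue, DISCOVER, client)),             # spoofed chaddr
    ]
    return forwarded, dict(sw.bindings), list(sw.dropped)
```

The `dropped` list is what a real switch would export as a syslog or SNMP trap; a rogue-server entry on an access port is the detection signal for the kind of DHCP hijack the article above describes.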