Security of dhcpd on non-listening interfaces?

Ok, so now that my multiple chrooted dhcp servers idea was shot down in
flames I need to retreat to serving only the more secure vlans.

Some of you appear to know the code well.  How secure is the server from
malicious packets on non-listening interfaces?

What I mean is, does the code identify and discard packets (both ip and raw
sockets) for ignored interfaces prior to doing risky things (like parsing
and memory reallocation)?

Are there links to discussions on this?  I should check out the relevant
sections of code, but before starting from scratch I'll bet there's a wealth
of discussion somewhere.


_______________________________________________
dhcp-users mailing list
[hidden email]
https://lists.isc.org/mailman/listinfo/dhcp-users

[hidden email] wrote:

I don't recall any discussion of this in the past, and I've been on here for quite a few years.

As an alternative tack, can you separate the services onto two (or more) servers ? In my experience, people looking at security to the level you appear to be doing tend to distrust security that relies only on software configuration - and for some of my customers at work that also means not relying on VLANs for traffic separation.

_______________________________________________
dhcp-users mailing list
[hidden email]
https://lists.isc.org/mailman/listinfo/dhcp-users