Comment 27 for bug 1558658
Revision history for this message
| Dustin Lundquist (dlundquist) wrote Re: Security Groups do not prevent MAC and/or IPv4 spoofing in DHCP requests | #27 |
© 2004
Canonical Ltd.
•
Terms of use
•
Data privacy
•
Contact Launchpad Support
•
Blog
•
Careers
•
System status
•
513534c
demo site
(Get the code!)
@Tristan, A few suggestions for impact description:
1. s/forging discovery protocol source address/forging DHCP discovery source address/ (DHCP is the protocol, discovery is the message type, and could be confused with IPv6 neighbor discovery protocol).
2. In bug/1558674 I generalized this to all non-IP traffic, I think this is relevant to the impact description since it is a more likely attack vector
3. We should mention that both MAC and IP source spoofing where permitted. MAC spoofing effects are limited to local network, while IP spoofing could be used for either a direct DoS or interfering with DHCP leases on other networks.