Problems with Updates
Derek Broughton
news at pointerstop.ca
Thu Oct 30 00:55:14 UTC 2008
Mario Vukelic wrote:
> On Tue, 2008-10-28 at 21:47 -0300, Derek Broughton wrote:
>> Of course - _every_ client opens a port.
>
> I should have phrased it more explicitly. If you read the thread (or
> even just the particular post I linked to) you will note that the point
> was that the dhcp client opens a UDP port.
>
> A client that listens on a TCP port knows who he is talking to and will
> only accept packets from that particular host. This is different for a
> UDP port, which the dhcp client listens on. That port will basically
> accept anything from the LAN that is sent to it.
I understand that, but I don't think it makes a huge deal of difference - if
the DHCP client only opened TCP ports, it would still be as vulnerable to a
compromised DHCP server. I was actually thinking about a buggy DHCP
client, but really you don't even need that - if the DHCP server points you
to my pirate DNS server, I own your Internet.
--
derek
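
The following is an added example, not part of the original post: Python code that parses the options of a DHCP reply and flags a server identifier (option 54) or DNS server (option 6) that is not on an allowlist, the kind of check a monitoring host could apply to the scenario described above. The function names, the allowlists and the packets produced by `build_reply` are constructed for illustration.

```python
import ipaddress
import struct

MAGIC_COOKIE = b"\x63\x82\x53\x63"   # marks the start of the DHCP options field
OPT_PAD, OPT_DNS, OPT_SERVER_ID, OPT_END = 0, 6, 54, 255

def parse_options(packet: bytes) -> dict:
    """Return {option_code: raw_bytes} from a BOOTP/DHCP packet."""
    if len(packet) < 240 or packet[236:240] != MAGIC_COOKIE:
        raise ValueError("not a DHCP packet")
    opts, i = {}, 240
    while i < len(packet):
        code = packet[i]
        if code == OPT_END:
            break
        if code == OPT_PAD:          # single-byte padding, no length field
            i += 1
            continue
        if i + 1 >= len(packet):
            raise ValueError("truncated option header")
        length = packet[i + 1]
        data = packet[i + 2 : i + 2 + length]
        if len(data) != length:      # declared length runs past the packet
            raise ValueError("truncated option data")
        opts[code] = data
        i += 2 + length
    return opts

def ipv4_list(raw: bytes) -> list:
    if len(raw) % 4:
        raise ValueError("address list is not a multiple of 4 bytes")
    return [str(ipaddress.IPv4Address(raw[j:j + 4])) for j in range(0, len(raw), 4)]

def audit_reply(packet: bytes, allowed_servers: set, allowed_dns: set) -> list:
    """List every server identifier or DNS server that is not allowlisted."""
    opts = parse_options(packet)
    findings = []
    for label, code, allowed in (("DHCP", OPT_SERVER_ID, allowed_servers),
                                 ("DNS", OPT_DNS, allowed_dns)):
        for addr in ipv4_list(opts.get(code, b"")):
            if addr not in allowed:
                findings.append(f"unexpected {label} server {addr}")
    return findings

def build_reply(server_id: str, dns: list) -> bytes:
    # Constructed sample input (not a capture): BOOTREPLY header + DHCPOFFER options.
    header = struct.pack("!BBBBIHH", 2, 1, 6, 0, 0x1234ABCD, 0, 0) + bytes(224)
    packed = b"".join(ipaddress.IPv4Address(a).packed for a in dns)
    opts = (bytes([53, 1, 2, 54, 4]) + ipaddress.IPv4Address(server_id).packed
            + bytes([6, len(packed)]) + packed + b"\xff")
    return header + MAGIC_COOKIE + opts
```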