"Shellshock" bash bug

Gene Heskett gheskett at wdtv.com
Sat Sep 27 12:45:39 UTC 2014


On Saturday 27 September 2014 02:45:50 Colin Law did opine
And Gene did reply:
> On 27 September 2014 01:33, Gene Heskett <gheskett at wdtv.com> wrote:
> > On Friday 26 September 2014 17:50:25 Colin Law did opine
> > 
> >> ...
> >> It seems however that my initial assumption is correct, that if they
> >> cannot login as they do not have the key then they cannot exploit
> >> the vulnerability.
> > 
> > We are being told by the finders that no login is needed.
> 
> True, it seems that web server and dhcp can also be attacked, however
> since only port 22 is open and dhcp is from my router then it seems I
> am safe, provided the router is clean.
> 
> Cheers
> 
> Colin

A second point in the good routers is that you can, and should, disable 
access to port 22 from the outside world, making that only accessible from 
your local 192.168.nnn/24.  But that has little to do with its dhcp, which 
could still be hackable.

But I see this as an argument against making use of the dhcpd in your 
router to get your local address, thereby blocking a hack attempt by not 
using what could be a compromised dhcpd in your router.

I never have and never will use dhcp on my local machines, as I use 
/etc/hosts as my local dns (identical files on all machines), and only dns 
requests that the hosts file can't answer are forwarded to the router at 
192.168.nnn.1.  Those queries the router's limited cache can't answer are 
of course forwarded to the dns servers whose addresses it acquired when it 
last refreshed its lease with the ISP.

But it's not dns we are discussing. It's dhcp, and I am telling you of an 
alternative to ever calling dhcp, thereby removing one attack vector from 
the mix.

Cheers, Gene Heskett
-- 
"There are four boxes to be used in defense of liberty:
 soap, ballot, jury, and ammo. Please use in that order."
-Ed Howdershelt (Author)
Genes Web page <http://geneslinuxbox.net:6309/gene>
US V Castleman, SCOTUS, Mar 2014 is grounds for Impeaching SCOTUS
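
An added example, not part of Gene's message: one way to check which interfaces on a machine still request a DHCP lease, assuming Debian/Ubuntu ifupdown syntax as used in /etc/network/interfaces. The function names, interface names and addresses in the sample are constructed for illustration.

```shell
# Added example: audit an ifupdown-style interfaces file for DHCP use.

# Constructed sample input (addresses and interface names are made up).
sample_interfaces() {
    cat <<'EOF'
auto lo
iface lo inet loopback

# iface old0 inet dhcp
auto eth0
iface eth0 inet static
    address 192.168.0.3
    gateway 192.168.0.1

allow-hotplug wlan0
iface wlan0 inet dhcp
EOF
}

# Print "name method" for every iface stanza, ignoring commented-out lines.
iface_methods() {
    awk '$1 ~ /^#/ { next } $1 == "iface" && NF >= 4 { print $2, $4 }' "$1"
}

# Print interfaces that still get their address from a DHCP server.
dhcp_ifaces() {
    iface_methods "$1" | awk '$2 == "dhcp" { print $1 }' | sort -u
}

# Print static interfaces whose stanza lacks an "address" line (broken config).
static_without_address() {
    awk '
        $1 ~ /^#/ { next }
        $1 == "iface" {
            if (cur != "" && !have) print cur
            cur = ""; have = 0
            if ($4 == "static") cur = $2
            next
        }
        $1 == "address" { have = 1 }
        END { if (cur != "" && !have) print cur }
    ' "$1"
}

# Demo run against the constructed sample.
tmp=$(mktemp)
sample_interfaces > "$tmp"
echo "DHCP interfaces: $(dhcp_ifaces "$tmp" | tr '\n' ' ')"
rm -f "$tmp"
```

On a real host, call `dhcp_ifaces /etc/network/interfaces`; an empty result means no interface in that file is set to DHCP. Interfaces managed elsewhere (for example by NetworkManager) do not appear in that file and need a separate check.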



