Great Circle Associates Firewalls
(March 1994)
 


Subject: Re: DHCP and certain firewall configs
From: Ben Pratt<prattb @ phibro . com>
Date: Tue, 1 Mar 94 14:23:00 -0500
To: reh @ cs . umd . edu (Richard Huddleston)
Cc: firewalls @ greatcircle . com
Site: Phibro Energy Inc (Westport)

Richard - 


I think the rfc's you refer to are actually rfc15{4,3}1 rather than
rfc13{5,4}1 - which are the SNMP and MIME rfc's... FYI.

Ben

On Tue, 1 Mar 1994 10:45:41 You said:

The "Networking" section of _PC Week_ occasionally provides interesting
information on new capabilities of those annoying little boxes that just
won't go away ;).

The latest one ( Vol 8 No 11, Feb 28 94, p35 ) mentions an intention
by Microsoft to support dynamic IP addressing to make it "easier for
administrators to move NT systems on a network and to support portable
NT systems." 


"WINS (Windows Internet Naming Service) track IP addresses and the system
names to which they are assigned.  WINS works with the [IETF]'s Dynamic
Host Configuration Protocol, which uncouples IP addresses from physical
                                   ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
node addresses and reassigns them as nodes go off-line or users move to
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
different systems."
^^^^^^^^^^^^^^^^^


Ugh.

Since this is news to me, I'm still reading the DHCP RFCs ( rfc13{4,5}1 )
-- but, at first pass, it seems as though this can play havoc with certain
weaknesses in IP if a hostile insider wants to mess around.  I can also
imagine certain firewall configurations that might break if IP addresses
become even more meaningless than they already are ( e.g., proxies and
wrappers ).


Securing multi-protocol WANs built on dynamically-addressed protocols
( e.g., Vines; Appletalk ) is one of the most difficult security problems
I personally see.  The relative stability of IP addresses has been a factor
in my occasional use of IP-encapsulation as a firewalling tool, even if
the router directly supports the protocol in question.

Any of the more seasoned firewallers given any thought to this class of
problem, or know more about DHCP ? 


Richard



