Joel Tran wrote:
Well, I'm trying to poke into that. I don't think it makes sense to take on this work item if it turns out that it only makes sense as part of a network that is designed with serious security issues or complexity problems. If that is so, there is no point in doing this DHCP work.

IMHO, it is not meant to be a deep analysis of all the pros and cons of DHCP and how things can be done or not. At the beginning, you raised some good questions about the applicability of this technique. It was a good call. However, as discussed earlier, I think that there are some circumstances where this technique is applicable and where we might need the end-points to communicate directly with the Midcom middlebox.

This depends on how the username/password are distributed. In any case, pseudorandom is the same as being totally random, since once it's not static, you need a way to communicate the assignment from the DHCP server to the middlebox. Of course, there are probably several middleboxes, and so you need to distribute the usernames and passwords to those. Or, add an AAA system to avoid having the firewall actually know everyone's username and passwords...

> I don't think we require a big correlation (User/PWD/IP) in order to
> provide a security mechanism. For example, the rules can be:
>
> 1 - Pinholes can only be created for the source address.
> 2 - User joe can only create 10 pinholes or IP source can only
> create 10 pinholes.
> 3 - ...

This rule is susceptible to source address spoofing attacks. It would allow me to direct traffic at a target by faking my source IP to be that of the target.

I think DHCP is used mainly by ISPs in two cases. The first case concerns the assignment of a pseudo-static IP address to a client using DHCP. This technique is mainly used in a shared medium context (cable users, for instance). The second case concerns the assignment of a dynamic IP address to a client. This is mainly used with PPP links (PPPoE ADSL networks and dialup, for instance). In the first case, it is easy to make a policy with the IP/MAC to a user since it is pseudo-static. An attacker would have to clone the MAC/IP and find the correct user/pwd to do a spoofing attack.
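
The two quoted pinhole rules combined with the IP/MAC/user binding from the pseudo-static DHCP case, as an added example that is not part of the original thread. The `Lease` record, the class and method names, and the sample addresses are hypothetical; it assumes the user/password check has already succeeded, that the middlebox receives the DHCP assignments, and that it can see the requester's MAC address.

```python
from dataclasses import dataclass, field

MAX_PINHOLES = 10  # quota from rule 2; applied here to both user and source IP


@dataclass(frozen=True)
class Lease:
    """Hypothetical DHCP assignment record shared with the middlebox."""
    ip: str
    mac: str
    user: str


@dataclass
class PinholePolicy:
    leases: dict = field(default_factory=dict)    # ip -> Lease
    per_user: dict = field(default_factory=dict)  # user -> pinholes granted
    per_ip: dict = field(default_factory=dict)    # ip -> pinholes granted

    def add_lease(self, lease: Lease) -> None:
        self.leases[lease.ip] = lease

    def request(self, user, src_ip, src_mac, pinhole_ip):
        """Return (allowed, reason) for one already-authenticated request."""
        # Rule 1: a pinhole may only be opened for the requester's own address.
        if pinhole_ip != src_ip:
            return False, "pinhole address differs from source address"
        # Rule 1 alone trusts src_ip, which can be forged. Require that the
        # address, MAC and user all match the lease the DHCP server issued.
        lease = self.leases.get(src_ip)
        if lease is None:
            return False, "no lease for source address"
        if lease.mac != src_mac.lower() or lease.user != user:
            return False, "source does not match lease binding"
        # Rule 2: cap the number of pinholes per user and per source address.
        if (self.per_user.get(user, 0) >= MAX_PINHOLES
                or self.per_ip.get(src_ip, 0) >= MAX_PINHOLES):
            return False, "quota exceeded"
        self.per_user[user] = self.per_user.get(user, 0) + 1
        self.per_ip[src_ip] = self.per_ip.get(src_ip, 0) + 1
        return True, "ok"
```
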