Netboot Mailing List (by thread)


Re: Security problem



Giuseppe Patane' wrote:
> 
> Hi,
> I use netboot to boot my cluster of Linux PCs. All of the PCs in the
> cluster are visible only inside my private network. But, the server
> containing the bootpd has two network cards and it is connected to the
> external LAN, too. Some questions about this:
> 1) Can somebody on the external LAN change the MAC address of a network
> card and boot from my server as if it was a machine of mine?
> 2) To avoid the previous problem, can I prevent the bootpd from listening
> to the card connected to the external LAN?
Yes. Use a firewall (if your server is a Linux PC, read the Firewall-HOWTO).
It is quite simple: no IP from your internal net should be allowed to
do anything on your external card.

Further, you could deny all requests to the broadcast address on the
external card.

klaus
-- 
With kind regards,
Klaus Muth
 
HAGOS eG                 Industriestr. 62       fon: (+49) 711 78805-86
EDV-Programmierung       D-70565 Stuttgart      fax: (+49) 711 78805-99
http://www.hagos.de      Germany                mailto:muth@hagos.de
-----------------------------------------------------------------------
Everyone here is called Klaus, except Norbert, who is called Ernst!
===========================================================================
This Mail was sent to netboot mailing list by:
Klaus Muth <muth@hagos.de>
To get help about this list, send a mail with 'help' as the only string in
its body to majordomo@baghira.han.de. If you have problems with this list,
send a mail to netboot-owner@baghira.han.de.
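
The filtering described in the reply above, written as an nftables ruleset. This is an added example, not part of the original message; it assumes eth1 is the external card and 192.168.1.0/24 is the internal cluster network (both are placeholders to adapt).

```nft
# Added example: load with "nft -f <file>" on the boot server.
# Assumptions (not from the original mail):
#   eth1           = card connected to the external LAN
#   192.168.1.0/24 = private cluster network behind the other card
table inet netboot_guard {
    chain input {
        type filter hook input priority 0; policy accept;

        # No IP from the internal net may do anything on the external
        # card: a packet arriving there with an internal source address
        # is spoofed by definition.
        iifname "eth1" ip saddr 192.168.1.0/24 drop

        # BOOTP/DHCP requests are sent to UDP port 67. Serve them only
        # on the internal card, whatever MAC address the client claims.
        iifname "eth1" udp dport 67 drop

        # Further: deny everything sent to the broadcast address on
        # the external card.
        iifname "eth1" meta pkttype broadcast drop
    }
}
```

These rules protect a server that reads requests through an ordinary UDP socket. A DHCP server that reads from a raw packet socket (ISC dhcpd on Linux does) sees frames before netfilter, so it should also be restricted to the internal interface in its own configuration.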


