| Forcing a static nameserver in the face of rogue DHCP servers | ||
|---|---|---|
 | Part V. Configuring Linux subsystems |  |
| Forcing a static nameserver in the face of rogue DHCP servers | ||
|---|---|---|
| | Part V. Configuring Linux subsystems | |
In an unfirewalled network, we are faced with the threat of zombies running 'shadow' DHCP servers: they give out IP addresses exactly like the proper DHCP server would, but they forge the domain-names-server to be outside of our network. This has the effect of giving the intruders control over DNS lookup on our DNS clients, which may facilitate phishing and MITM attacks.
Our Linux PCs can be told to ignore the DNS information they receive via DHCP and use statically configured servers:
Open /etc/dhcp3/dhclient.conf and edit:
supersede domain-name-serversip-of-first-dns-server,ip-of-second-dns-server;
Tcpdumping DHCP info is done like this:
tcpdump -i eth0 -len -s 1500 port bootps or port bootpc and not host ip-of-proper-DHCP-server
but this doesn't show DHCPOFFERs on a switched network, so unless one controls the switches, it's pretty useless.
| |  | |
| $GENERATE records in BIND9 config |  | Fixing the NIS port |