So I have FreeBSD 14.0 with several real network interfaces (em0, igb0, wlan0, wlan1) and several loopback interfaces for jails. This configuration isn't final yet as I'm still experimenting. One of the real interfaces is facing the ISP, obviously, and hence it's configured by
What bothers me is that I have no control over the upstream DHCP server. I realize that I'm being a bit paranoid here, but what if upstream DHCP server assigned my public interface the same ip I use for my internal interfaces (in this example, 192.168.30.1)? I tried such evil configuration in my home testbed, and it succeeded! I ended up with
I've searched some boards/Q&A sites to see if it's possible to configure
Am I overthinking the threat? What mitigation is possible? Should a dhclient feature request be filed (assuming it really has no way to decline malicious offers)?
dhclient
. It could be em0 or wlan1, depending on location. Other interfaces are configured statically in /erc/rc.conf. All internal and jail loopback interfaces are assigned fixed ip4 addresses from the private address space 192.168.0.0/16. For example, let's assume lo1
for jails uses ip4 192.168.30.1.What bothers me is that I have no control over the upstream DHCP server. I realize that I'm being a bit paranoid here, but what if upstream DHCP server assigned my public interface the same ip I use for my internal interfaces (in this example, 192.168.30.1)? I tried such evil configuration in my home testbed, and it succeeded! I ended up with
ifconfig
reporting the same ip4 address for both em0 and lo1, with lo1 completely thrown out of the routing table (no mention of lo1 in netstat -4rn
ever) and inaccessibe. So I guess, such misconfiguration would ruin (well, 'interfere with' at the very least) the operation of jailed services. That basically constitutes a successful denial of service attack: som external action disrupts operation of my local services. Well, I don't think my ISP would ever pull such joke, but malicious DHCP servers are still possible in unsafe environments (say, visiting EvilHackers' cafe and using their free WiFi spot).I've searched some boards/Q&A sites to see if it's possible to configure
dhclient
to never accept certain offers (the ones with certain iface addresses) but that seems not possible. It seems dhclient can ignore offers from certain servers, which isn't quite the same.Am I overthinking the threat? What mitigation is possible? Should a dhclient feature request be filed (assuming it really has no way to decline malicious offers)?