WingNews logo WingNews
top | item 36401868

(no title)

johnnny | 2 years ago

Using DHCP, the same tool that can configure any client computer with addresses and gateways, meaning you hopefully secure that already.

Some switches give you tools to mark a few physical ports as "truster", allowing DHCP OFFER from those; and drop (or ever shutdown the port!) when such a packet is received on an untrusted port.

discuss

order

toast0|2 years ago

If you can trust DHCP, why can't you trust TFTP? Your smart switch could drop TFTP packets just like it drops DHCP packets and you're good again.

(Yes, yes, pxe doesn't check for secureboot signatures)