[OpenIndiana-discuss] Disable DHCP on a IPv6 configuration

James Carlson carlsonj at workingcode.com
Sat Nov 26 15:52:38 UTC 2011


On 11/24/11 16:45, Jeppe Toustrup wrote:
> On Thu, Nov 24, 2011 at 22:27, James Carlson <carlsonj at workingcode.com> wrote:
>> Read the ndpd.conf(4) man page.  And set "ifdefault StatelessAddrConf off"
>> in /etc/inet/ndpd.conf.
> 
> Ah, thank you for the pointer. I tried it out and It is in fact
> "StatefulAddrConf" which has to be disabled. So the line that goes
> inside /etc/inet/ndpd.conf would be:
> 
>     ifdefault StatefulAddrConf off
> 
> I like to get DHCP disabled on servers when I don't use it. There is
> no need to make it easier for any rouge people to set up a
> man-in-the-middle attack, by simply setting up a DHCP server on the
> network.

Yeah, you should force them to set up a rogue router, NDP instance, or
DNS server instead.  ;-}

Seriously, though, if someone has physical access to your network,
you'll need something stronger than just turning off DHCP.

-- 
James Carlson         42.703N 71.076W         <carlsonj at workingcode.com>



More information about the OpenIndiana-discuss mailing list