Hello, I'm using the newest Gargoyle.
When I run dnsmasq (DHCP server) on my workstation, I can make a DoS attack, because all clients in the network will use my server. What is more, I'm afraid there is a possibility of making a MITM attack.
What do you think about making firewall rules to block all DHCP servers other than the router's? It's useful to temporarily run a secondary server, therefore some customization like a checkbox would be great.
dhcp spoofing
Re: dhcp spoofing
Man in the middle on your local network?
I'd look at changing your locks before your firewall.

https://lantisproject.com/downloads/gargoylebuilds for the latest releases
Please be respectful when posting. I do this in my free time on a volunteer basis.
https://lantisproject.com/blog
Re: dhcp spoofing
Lantis wrote: Man in the middle on your local network?
I'd look at changing your locks before your firewall.

I use a Guest network for my invited friends who bring devices with unfriendly apps.
Can you help someone else get Gargoyle up and running?
TL-WDR3600 : Gargoyle 1.9.0 : NBN FixedWireless
TL-WR1043ND-V2 : Gargoyle 1.8.0 : 3G Huawei E160E
Re: dhcp spoofing
OK, a guest network is some solution for unknown hosts, but there still might be some misconfiguration in known hosts that can shut down the entire network. It's just silly to leave it as it is.
Re: dhcp spoofing
I don't have a chance to test it, so I'm asking. Is this code a solution for the problem?
# added to /etc/config/firewall
config rule
	option name 'no-lan-dhcp-offers'
	option src 'lan'
	option dest 'lan'
	option proto 'udp'
	option dest_port '68'
	option target 'REJECT'
	option family 'ipv4'
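
A passive check for the situation this thread describes, added here as an example (not code from any poster or from Gargoyle): it parses DHCP reply payloads and reports every server identifier (option 54) other than the router's. The addresses, the function names and the `build_reply` sample generator are constructed for illustration; real payloads would come from a capture of UDP port 68 traffic.

```python
import ipaddress

MAGIC = b"\x63\x82\x53\x63"                     # DHCP magic cookie (RFC 2131)
SERVER_MSGS = {2: "OFFER", 5: "ACK", 6: "NAK"}  # message types only a server sends

def parse_reply(payload):
    """Return (msg_type, server_id) for a DHCP server reply, else None."""
    if len(payload) < 240 or payload[0] != 2 or payload[236:240] != MAGIC:
        return None                   # not a BOOTREPLY carrying DHCP options
    opts, i = {}, 240
    while i < len(payload) and payload[i] != 255:   # 255 = end option
        if payload[i] == 0:           # pad option has no length byte
            i += 1
            continue
        if i + 2 > len(payload):
            return None               # option code without a length byte
        length = payload[i + 1]
        value = payload[i + 2:i + 2 + length]
        if len(value) != length:
            return None               # truncated option value
        opts[payload[i]] = value
        i += 2 + length
    mtype, sid = opts.get(53, b""), opts.get(54, b"")
    if len(mtype) != 1 or mtype[0] not in SERVER_MSGS or len(sid) != 4:
        return None
    return SERVER_MSGS[mtype[0]], str(ipaddress.IPv4Address(sid))

def rogue_servers(payloads, allowed):
    """Map each server identifier outside `allowed` to the reply types it sent."""
    found = {}
    for p in payloads:
        reply = parse_reply(p)
        if reply and reply[1] not in allowed:
            found.setdefault(reply[1], set()).add(reply[0])
    return found

def build_reply(msg_type, server_ip, offered_ip):
    """Build a sample reply payload (constructed data, not a real capture)."""
    hdr = bytes([2, 1, 6, 0]) + bytes.fromhex("1234abcd") + bytes(8)  # op..ciaddr
    hdr += ipaddress.IPv4Address(offered_ip).packed + bytes(8)        # yiaddr, siaddr, giaddr
    hdr += bytes.fromhex("020000000001") + bytes(10 + 192)            # chaddr, sname, file
    sid = ipaddress.IPv4Address(server_ip).packed
    return hdr + MAGIC + bytes([53, 1, msg_type, 54, 4]) + sid + b"\xff"

if __name__ == "__main__":
    sample = [build_reply(2, "192.168.1.1", "192.168.1.50"),    # assumed router address
              build_reply(2, "192.168.1.77", "192.168.1.200"),  # second server on a workstation
              build_reply(5, "192.168.1.77", "192.168.1.200")]
    print(rogue_servers(sample, allowed={"192.168.1.1"}))
```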