FreshTomato Wiki

User Tools

Site Tools

Trace:
basic-static

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revisionPrevious revision
Last revisionBoth sides next revision
basic-static [2023/06/27 16:13] – [Configuring DHCP Reservations] -formatting hogwildbasic-static [2023/06/27 16:15] – [Security Limitations] -formatting-change to Head3 hogwild
Line 28: Line 28:
 As mentioned earlier, DHCP Reservation offers the mapped IP address (and Hostname) to the MAC address you specified every time it offers a lease. DHCP Reservation does not prevent a different client from being configured with the same IP address. This is because DHCP Reservation only offers a static mapping to client devices which request a lease. If another device were self-configured with a (true) static IP, or if the router/DHCP were disabled, the other device could take that IP address. Similarly, if the first client for which DHCP Reservation were then self-configured with a static IP, it could claim a different IP address than the one in FreshTomato's DHCP Reservation mapping. As mentioned earlier, DHCP Reservation offers the mapped IP address (and Hostname) to the MAC address you specified every time it offers a lease. DHCP Reservation does not prevent a different client from being configured with the same IP address. This is because DHCP Reservation only offers a static mapping to client devices which request a lease. If another device were self-configured with a (true) static IP, or if the router/DHCP were disabled, the other device could take that IP address. Similarly, if the first client for which DHCP Reservation were then self-configured with a static IP, it could claim a different IP address than the one in FreshTomato's DHCP Reservation mapping.
  
-Even if everything else were working properly, only DHCP lease //offers// are made static. The router's IP→MAC neighbour cache (or "ARP cache") is still filled in dynamically using ARP broadcasts. That means that unless we add something else, FreshTomato is relying on client devices to be honest about their MAC addresses. The data source for ARP mappings is assumed to be “honest” and accurate, even though that source is often the network clients themselves. Under such conditions, there's not much to stop unauthorized or malicious clients from pretending to be a different MAC address (ARP spoofing). ARP spoofing could even include spoofing the router or gateway's MAC address. All this could have serious consequences. This is where Static ARP becomes useful.+Even if everything else were working properly, only DHCP lease //offers// are made static. The router's IP→MAC neighbour cache (ARP cache) is still filled in dynamically using ARP broadcasts. That means that unless we add something else, FreshTomato is relying on client devices to be honest about their MAC addresses. The data source for ARP mappings is assumed to be “honest” and accurate, even though that source is often the network clients themselves. Under such conditions, there's not much to stop unauthorized or malicious clients from pretending to be a different MAC address (ARP spoofing). ARP spoofing could even include spoofing the router or gateway's MAC address. All this could have serious consequences. This is where Static ARP becomes useful. 
  
 ==== Inconsistent Terminology ==== ==== Inconsistent Terminology ====
basic-static.txt · Last modified: 2023/06/27 16:21 by hogwild

Page Tools

Donate Powered by PHP Valid HTML5 Valid CSS Driven by DokuWiki