>Hi,
>I use netboot to boot my cluster of Linux PCs. All of the PCs in the
>cluster are visible only inside my private network. But, the server
>containing the bootpd has two network cards and it is connected to the
>external LAN, too. Some questions about this:
>1) Can somebody on the external LAN change the MAC address of a network
>card and boot from my server as if it was a machine of mine?

Yes, they can change the MAC address, or rather alter their software to
send out a MAC address of their choosing. Whether or not they can fetch
a file with tftp depends on what hosts are allowed to connect to tftpd.

>2) To avoid the previous problem, can I prevent the bootpd from listening
>to the card connected to the external LAN?

I don't know if bootpd can do this, but certainly ISC dhcpd can restrict
the interfaces it advertises on. Don't forget to secure tftpd and NFS too.

===========================================================================
This Mail was sent to netboot mailing list by: Ken Yap <ken@nlc.net.au>
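
Added example, not part of the original mail: a small audit of `ss -H -tuln` output on the dual-homed boot server that flags bootp, tftp, portmapper and NFS sockets reachable from anything other than the cluster side. The internal subnet `192.168.1.0/24`, the interface name `eth1` and the sample listing are assumptions constructed for illustration.

```python
import ipaddress

# Assumptions for this sketch: the cluster subnet and the NIC facing it.
INTERNAL_NET = ipaddress.ip_network("192.168.1.0/24")
INTERNAL_IFACE = "eth1"
BOOT_PORTS = {67: "bootps", 69: "tftp", 111: "portmapper", 2049: "nfs"}

# Constructed sample of `ss -H -tuln` output (not captured from a real host).
SAMPLE = """\
udp UNCONN 0 0  0.0.0.0:67        0.0.0.0:*
udp UNCONN 0 0  192.168.1.1:69    0.0.0.0:*
udp UNCONN 0 0  0.0.0.0%eth1:111  0.0.0.0:*
tcp LISTEN 0 64 10.20.30.5:2049   0.0.0.0:*
udp UNCONN 0 0  0.0.0.0:5353      0.0.0.0:*
udp UNCONN 0 0  [::]:69           [::]:*
"""

def exposed_listeners(ss_output):
    """Return (service, local_address, reason) for boot-related sockets
    that are not confined to the internal subnet or interface."""
    findings = []
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 2:
            continue
        local = fields[-2]                   # "Local Address:Port" column
        host, _, port = local.rpartition(":")
        if not port.isdigit() or int(port) not in BOOT_PORTS:
            continue
        host, _, dev = host.partition("%")   # ss shows device binds as addr%dev
        host = host.strip("[]")
        if dev == INTERNAL_IFACE:
            continue                         # bound to the cluster-side NIC
        if dev:
            reason = "bound to interface " + dev
        elif host in ("*", "0.0.0.0", "::"):
            # A wildcard socket receives traffic arriving on every interface;
            # only the daemon's own checks or a packet filter stand in the way.
            reason = "wildcard bind"
        elif ipaddress.ip_address(host) in INTERNAL_NET:
            continue                         # bound to an internal address
        else:
            reason = "bound to a non-internal address"
        findings.append((BOOT_PORTS[int(port)], local, reason))
    return findings

if __name__ == "__main__":
    for service, local, reason in exposed_listeners(SAMPLE):
        print(f"{service:10} {local:18} {reason}")
```
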