354 points timdoug | 2 comments
kenjackson ◴[] No.2755611[source]
This implementation by the Mac feels wrong. I mean it appears to work, but it seems like a violation of the protocol and can result in problems on the network. Maybe security issues (?). I'm not an expert in any of these things, but I'd love to hear a network protocol/security expert's take on this.
replies(4): >>2755747 #>>2755748 #>>2755926 #>>2756388 #
aaronblohowiak ◴[] No.2755747[source]
Not security. You usually rely upon security for network layers 1-4 as being actual security. Adding additional controls can be useful in slowing down would-be attackers, or "casual" intruders, but they are not "real" security measures.
replies(1): >>2756024 #
cbs ◴[] No.2756024[source]
The lower level networking protocols do rely on some levels of peer trust, but carefully controlling that trust has come a long way in the last decade. If I'm correct in assuming by "actual security" you mean "physical security" you're making some pretty broad and faulty statements (even about layer 1).

There are many networking devices and techniques for hardening hostile networks at layer 2. Layer 3 is IP; to say level 3 (or 4) measures are not "real" is throwing HUGE swaths of security out the window.

replies(1): >>2756304 #
1. aaronblohowiak ◴[] No.2756304[source]
Sorry, I double-posted accidentally and it looks like I deleted the wrong one. I meant that layers 1-4 should not be relied upon to provide your application security. You are right that there are cool advances that can be worthwhile to slow down attackers, but I think that in most circumstances, you will want to make your guarantees higher up the stack*

*I am not a security expert

replies(2): >>2757954 #>>2757955 #
2. ◴[] No.2757954[source]