On 11/24/11 16:45, Jeppe Toustrup wrote: > On Thu, Nov 24, 2011 at 22:27, James Carlson <carls...@workingcode.com> wrote: >> Read the ndpd.conf(4) man page. And set "ifdefault StatelessAddrConf off" >> in /etc/inet/ndpd.conf. > > Ah, thank you for the pointer. I tried it out and It is in fact > "StatefulAddrConf" which has to be disabled. So the line that goes > inside /etc/inet/ndpd.conf would be: > > ifdefault StatefulAddrConf off > > I like to get DHCP disabled on servers when I don't use it. There is > no need to make it easier for any rouge people to set up a > man-in-the-middle attack, by simply setting up a DHCP server on the > network.
Yeah, you should force them to set up a rogue router, NDP instance, or DNS server instead. ;-} Seriously, though, if someone has physical access to your network, you'll need something stronger than just turning off DHCP. -- James Carlson 42.703N 71.076W <carls...@workingcode.com> _______________________________________________ OpenIndiana-discuss mailing list OpenIndiana-discuss@openindiana.org http://openindiana.org/mailman/listinfo/openindiana-discuss
