[FS#1132] Default config exposes ipv4 UDP port 68 to the entire Internet
LEDE Bugs
lede-bugs at lists.infradead.org
Wed Nov 1 03:23:16 PDT 2017
The following task has a new comment added:
FS#1132 - Default config exposes ipv4 UDP port 68 to the entire Internet
User who did this - Peter Backes (rtc)
----------
You are completely missing the point. This is not about stealth setups. It is about port 68 being exposed to the entire Internet. This is not necessary, so it shouldn't be done, period. Only the DHCP server needs to talk to port 68, not some skript kiddies dynamic IP address from some shady ISP.
The fact that stealth setups are broken is merely a side-effect of the issue. It is by no means the only or the main point.
Should there be a remotely exploitable bug in udhcpc, the current standard config does not prevent that from being abused. You definitely do not want that.
This should definitely be fixed.
----------
More information can be found at the following URL:
https://bugs.lede-project.org/index.php?do=details&task_id=1132#comment3723
More information about the lede-bugs
mailing list