Netgate Discussion Forum

Rogue DHCP - Is this possible to exploit?

General pfSense Questions
  • repne, last edited Apr 2, 2015, 8:11 PM

    Perhaps a stupid question, but I guess it doesn't hurt to ask.

    Suppose I have a pfSense router with a LAN interface that has a static IP address of 192.168.1.1/24, and the WebUI is accessible from this network. I also have a WAN interface that is configured as a DHCP client and gets its IP address from the ISP or the "parent" DHCP server. Now suppose the ISP decides for some strange reason to reset the connection and program its DHCP server to offer my router an IP address of 192.168.1.1 which is the same as the one on the LAN.

    Does that make the WebUI accessible from the WAN?

    • doktornotor (Banned), last edited Apr 2, 2015, 8:13 PM

      Uhm. Having WAN and LAN on the same subnet will make your router completely broken…

      • Derelict (LAYER 8, Netgate), last edited Apr 2, 2015, 9:25 PM

        Don't use anything in the following ranges for local networks ever: 10.0.0.0/8, 192.168.0.0/24, 192.168.1.0/24.  Adhering to this simple rule will reduce your likelihood of conflicting with someone else by like 99.9%.

        Chattanooga, Tennessee, USA
        A comprehensive network diagram is worth 10,000 words and 15 conference calls.
        DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
        Do Not Chat For Help! NO_WAN_EGRESS(TM)

        • johnpoz (LAYER 8, Global Moderator), last edited Apr 2, 2015, 9:42 PM

          No, that does not make the webgui available via the wan. Does not matter what IP you have on the wan. Do you have a rule on your wan interface to allow access to 80/443 or whatever port you have your webgui listening on? If not, then no, it would not be available no matter what the IP was.

          An intelligent man is sometimes forced to be drunk to spend time with his fools
          If you get confused: Listen to the Music Play
          Please don't Chat/PM me for help, unless mod related
          SG-4860 24.11 | Lab VMs 2.7.2, 24.11

          • repne, last edited Apr 4, 2015, 8:08 PM

            Thanks. Also protected, if you have Block Bogon/Private networks enabled on WAN.

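
The point made in the replies above, as an added example (not code from any poster or from pfSense): a simplified Python model in which traffic arriving on WAN is blocked unless a pass rule exists, with an optional block on private source addresses. The function names, rule model and sample addresses are assumptions constructed for illustration.

```python
import ipaddress

# Simplified model (an assumption, not pfSense source): rules are evaluated on the
# interface a packet arrives on, and WAN has no pass rules unless the admin adds one.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def wan_verdict(wan_addr, pkt, pass_ports=(), block_private=True):
    """Verdict for a TCP packet arriving on the WAN interface."""
    src = ipaddress.ip_address(pkt["src"])
    # "Block private networks": drop private sources before any pass rule is tried.
    if block_private and any(src in net for net in RFC1918):
        return "block: private source"
    # A pass rule in this model means "to WAN address, port in pass_ports".
    if pkt["dst"] == wan_addr and pkt["dport"] in pass_ports:
        return "pass"
    return "block: default deny"

def lease_overlaps_lan(offered, lan_cidr):
    """Flag a WAN lease that falls inside the LAN subnet (the thread's scenario)."""
    return ipaddress.ip_address(offered) in ipaddress.ip_network(lan_cidr)

def scenario():
    """WebGUI probes on 443 against a normal lease and the conflicting lease."""
    results = {}
    for wan_addr in ("203.0.113.10", "192.168.1.1"):   # constructed leases
        for src in ("198.51.100.7", "192.168.1.50"):   # constructed upstream hosts
            pkt = {"src": src, "dst": wan_addr, "dport": 443}
            results[(wan_addr, src)] = wan_verdict(wan_addr, pkt)
    return results

if __name__ == "__main__":
    for key, verdict in scenario().items():
        print(key, "->", verdict)
    # The conflicting lease is still worth alerting on: routing breaks even
    # though the WebGUI stays unreachable from WAN.
    print("lease overlaps LAN:", lease_overlaps_lan("192.168.1.1", "192.168.1.0/24"))
```

In this model the verdict changes only when a pass rule for the WebGUI port is added on WAN; the address the WAN interface holds never opens access by itself.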
            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.