Re: [m0n0wall] mono wall 1.11 susceptible to dhcp dos attack

From:	Kris Maglione <bsdaemon at comcast dot net>
To:	m0n0wall at lists dot m0n0 dot ch
Subject:	Re: [m0n0wall] mono wall 1.11 susceptible to dhcp dos attack
Date:	Thu, 15 Sep 2005 14:51:27 -0400

Chris Buechler wrote:

>m0n0wall was never intended to serve as a large-scale DHCP server, and
>Manuel has stated in the past if you need to handle large loads or
>need any options more than what's now in the GUI, you need a "real"
>DHCP server.
>  
>
If the WebGUI does have enough options, though, and you like the ease of 
access, you might hack the sources to mount a rw partition and write the 
dhcpd lib directory there. You chould also just create a larger RAM 
disk. I'd be willing to hack up a custom image for the purpose, if you 
want it. Mounting a real rw partition, though, is an extremely bad idea 
if you use CF, since the dhcpd leases file changes so much.