+- iPXE discussion forum (https://forum.ipxe.org)
+-- Forum: iPXE user forums (/forumdisplay.php?fid=1)
+--- Forum: General (/forumdisplay.php?fid=2)
+--- Thread: Blanking display of MAC and IP (/showthread.php?tid=11043)
Blanking display of MAC and IP - acj - 2018-03-09 17:06
I currently burn the 14e4-1656 and would like to blank out the DHCP details. Is this possible?
RE: Blanking display of MAC and IP - NiKiZe - 2018-03-11 21:12
You just want to hide ip from being displayed is that correct?
May I ask why?
It is possible by modifying the code, but it sounds like a bad idea in all ways possible, If you want to do this for some kind of security measure then it is probably a bad idea.
RE: Blanking display of MAC and IP - acj - 2018-03-11 22:06
(2018-03-11 21:12)NiKiZe Wrote: You just want to hide ip from being displayed is that correct?
May I ask why?
It is possible by modifying the code, but it sounds like a bad idea in all ways possible, If you want to do this for some kind of security measure then it is probably a bad idea.
It is for security, and would only be required 'after' the intial configuration. Why would you advise against it?
RE: Blanking display of MAC and IP - NiKiZe - 2018-03-11 22:36
(2018-03-11 22:06)acj Wrote: It is for security, and would only be required 'after' the intial configuration. Why would you advise against it?
Hiding something would fall under "security by obscurity" and doesn't make sense.
In what way would hiding this information make it more secure? What kind of attack are you considering trying to prevent?
To have any use of the MAC address you would have to be on the same L2 network, and at that time you will see any dhcp-discover anyway since that is broadcast. The only reason to hide IP would be if it is a public address, but even then security should be handled on a different level.
And of course for any kind of debug purposes this is horrible.
This might work fine when you set it up, but what happens 2-3 years down the road when things break down and no one else can debug the issue and missing mac/ip just makes it harder.
RE: Blanking display of MAC and IP - acj - 2018-03-11 23:02
(2018-03-11 22:36)NiKiZe Wrote:(2018-03-11 22:06)acj Wrote: It is for security, and would only be required 'after' the intial configuration. Why would you advise against it?
Hiding something would fall under "security by obscurity" and doesn't make sense.
In what way would hiding this information make it more secure? What kind of attack are you considering trying to prevent?
To have any use of the MAC address you would have to be on the same L2 network, and at that time you will see any dhcp-discover anyway since that is broadcast. The only reason to hide IP would be if it is a public address, but even then security should be handled on a different level.
And of course for any kind of debug purposes this is horrible.
This might work fine when you set it up, but what happens 2-3 years down the road when things break down and no one else can debug the issue and missing mac/ip just makes it harder.
Point taken, I have been asked if it was possible and would like to test and present the pros and cons. Could I use the config command in a tftp ipxe file to get site of data that way if needed. I use DHCP reservations acroos the whole scope.