Opened 3 years ago

Last modified 3 years ago

#5167 new enhancement

Kea should be able to drop traffic from badly behaving spamming client

Reported by: tomek Owned by:
Priority: medium Milestone: Outstanding Tasks
Component: dhcp Version: git
Keywords: Cc:
CVSS Scoring: Parent Tickets:
Sensitive: no Defect Severity: N/A
Sub-Project: DHCP Feature Depending on Ticket:
Estimated Difficulty: 0 Add Hours to Ticket: 0
Total Hours: 0 Internal?: no

Description

The idea and its mitigation for dhcpd is discussed in AA-00211 article in KB. The question is how to handle that in Kea.

It seems the easiest way is to introduce a class with special meaning, e.g. "drop". If packet is classified to that class, it gets dropped immediately.

Admin would take advantage of that capability by either defining a class (and ban whole group of devices at once) or could define host reservations (without any addresses) and "client-class": "drop".

Subtickets

Change History (1)

comment:1 Changed 3 years ago by hschempf

  • Milestone changed from Kea-proposed to Outstanding Tasks

Per 9 Mar team meeting, move to outstanding

Note: See TracTickets for help on using tickets.