[Sunhelp] SunRay's

[Hal Flynn]

They're great, aside from one caveat I mentioned to Sun sometime back
(which coincidentially still isn't fixed in the patches).

I installed a Sun Ray network being served by a 450.  Obviously, you
need two NICs to support it...one for the private Ray network, and one
for the server to the outside world.

Sun Rays require DHCP to boot up, so the server serving them becomes a
DHCP server, along with a bunch of other crap necessary to get the Rays
to boot up.

So, to make a long story short, I install this server on the network
with all the NT workstations in the shop, it starts answering the DHCP
requests for EVERYTHING on the network, successfully creating a DoS
situation[0].

THEREFORE, when installing this thing:

a) if you're going to install it, if you can avoid putting it on a
network with another DHCP server, it's generally a good idea.

b) if you can't avoid it, or even if you can avoid it, you should get
into the initialization script (in /etc/init.d), and make sure you make
an entry for -i (interface) and the interface you want in.dhcpd to
listen on, thus saving yourself pissed off network engineers, angry
bosses, whining NT users, etc.

Aside from that, the Ray's ROCK.  Hope this little tidbit helped. 
Haven't run this accross bugtraq, as it's really more of a configuration
problem, than it is a security hole.  Nonetheless, be careful.

Regards,
Hal


[0]  While I found this incredibly funny, my boss, however, didn't seem
to find the humor in it, putting me in a "head or gut" situation.

> "Fuerst, Robert C. (Chris)" wrote:
> 
>      Anyone out there using sunrays and have comments?
> 
>      Thanks,
>      1st