CVE Alert: CVE-2026-3608 - ISC - Kea - https://www.redpacketsecurity.com/cve-alert-cve-2026-3608-isc-kea/

#OSINT #ThreatIntel #CyberSecurity #cve-2026-3608 #isc #kea

- LAN on eth0: #Kea #DHCP serving internal hosts
- WAN on eth0.3: DHCP client talking to ISP

Kea: „I don't care about VLAN tagging, give me all your packets for my raw socket. By the way, how about using this nice internal LAN address for my hosts WAN interface?“

https://gitlab.isc.org/isc-projects/kea/-/issues/1117

At least the issue has recently been closed (after six years). Now waiting for an updated package to arrive. Or an alternative - whatever comes first. Any recommendations apart from dnsmasq?

#opnsense migration: Complete.

The preparation legwork made lots of things easier, but even once swapped I realized I had about 5% of it wrong.

I also still had a #virtualip in the config from the first hour of having it running when I was trying to migrate away from my VIPs in a #fortigate, which are a TOTALLY different thing.

NAT Reflection eluded me for a good hour, but all the VLANs behave, #kea DHCP seems to be all up and running and #ntopNG is much nicer than some of the built in systems of #fortinet.

#IDS feels innately trickier than before but pros and cons.

Finally, I have some good enough DHCP server.

It is a kea from ISC – the successor of EOLed dhcpd.

The moment, when I switched re0 interface configuration from DHCP to static IP and rebooted the server — was the most touching. The second one — when I disabled DHCP server in the D-Link router, started kea and restarted the router  

Fortunately, the lines from connecting phone appeared in the kea log after some lenghty seconds  

#SelfHosting #dhcp #kea #DHCPv4