RE: [fw-wiz] DHCP in a corporate MS environment - Security Risk?

From: Frank Darden (fdarden@locked.com)
Date: 01/24/03


From: "Frank Darden" <fdarden@locked.com>
To: "Ben Nagy" <ben@iagu.net>, "Gary Flynn" <flynngn@jmu.edu>
Date: Fri Jan 24 20:47:19 2003

If I am not mistaken, http://www.metainfo.com also makes a DHCP server
that behaves in this manner.

Frank

-----Original Message-----
From: Ben Nagy [mailto:ben@iagu.net]
Sent: Friday, January 24, 2003 3:09 AM
To: Gary Flynn
Cc: firewall-wizards@honor.icsalabs.com
Subject: Re: [fw-wiz] DHCP in a corporate MS environment - Security Risk?

----- Original Message -----
From: "Gary Flynn" <flynngn@jmu.edu>
[...]
> Ben Nagy wrote:
> > I remember many years ago now people were working on stuff that gave you a
> > DHCP lease on a temp VLAN (so you could get IP) then authenticated you, then
> > gave you another lease on a different VLAN as per your credentials. The
> > problem was that it was really convoluted, and DHCP/database server failure
> > was a show stopper.
[...]
> You mean something like this:
>
> http://www.cisco.com/univercd/cc/td/doc/product/rtrmgmt/cw2000/urt/uurt/ur1plan.htm

Something exactly like that, actually. ;) Convoluted, requires an all Cisco
switched to the user environment and the URT server is a point of failure.
From what I hear it didn't sell well, despite being a fantastically cool
technical solution to a hard problem.

I noticed that you were involved in a unisog discussion about this stuff,
Gary - I couldn't find enough of the messages in my quick search to work out
whether anyone had a solution that they were satisfied with that didn't
require quite as much single vendor tomfoolery (not that I don't love Cisco,
by the way). I think I saw something similar, as well, coming out of a
University that had to deal with the wireless issue, using VPN clients and
proxies which was a seriously cool solution, although only tangentially
related and I'm not sure if it made it onto this list. Given the new
whitepaper on wireless MAC spoofing (and detection measures for same) I
guess people will be thinking about all that again.

Cheers,

ben

_______________________________________________
firewall-wizards mailing list
firewall-wizards@honor.icsalabs.com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards


