RE: Filtering DHCP Assignments by MAC Address

From: David Vincent (david.vincent_at_mightyoaks.com)
Date: 06/20/03

  • Next message: Levinson, Karl: "RE: Filtering DHCP Assignments by MAC Address" 
    To: "'FOCUS-MS@SECURITYFOCUS.COM'" <FOCUS-MS@SECURITYFOCUS.COM>
Date: Fri, 20 Jun 2003 08:23:12 -0700

    it is possible to set up reservations for each ip address based on the mac
    address of each nic. it would be a lot of work depending on the sixe of
    your network, and then, what was the point of going to DHCP?

    if your network is copmletely win2k you could institute an IPSec policy for
    the domain, via group policy force the servers to only communicate encrypted
    and set your workstations to reply encrypted when they are asked.

    then, someone coming into your network cannot simply plug-in and get going.
    they won't be able to talk to the DHCP server as it will want encrypted
    comm. you could then manually assign them an IP and external DNS not on
    your network. then they should be able to talk to your gateway and have
    internet, but not have access to the rest of the network.

    (hope you're not running a domain member w2k server as your gateway)

    -d

    > -----Original Message-----
    > From: Jake Frost [mailto:jakefr0st@hotmail.com]
    > Sent: Thursday, June 19, 2003 2:51 PM
    > To: FOCUS-MS@SECURITYFOCUS.COM
    > Subject: Filtering DHCP Assignments by MAC Address
    >
    >
    > We have just converted to DHCP and would like to limit the
    > ability of people
    > to plug in to the network without authorization. In Win2K is
    > it possible to
    > limit DHCP assignments by MAC address or some other mechanism
    > to keep rogue
    > machines out? My server admins have been researching this
    > but can't find a
    > method to achieve what we want. Thanks.
    >
    > Jake
    >
    > _________________________________________________________________
    > MSN 8 helps eliminate e-mail viruses. Get 2 months FREE*.
    > http://join.msn.com/?page=features/virus
    >
    >
    > --------------------------------------------------------------
    > ---------------
    > --------------------------------------------------------------
    > ----------------
    >

    -----------------------------------------------------------------------------
    ------------------------------------------------------------------------------

  • Next message: Levinson, Karl: "RE: Filtering DHCP Assignments by MAC Address"

    Relevant Pages

    • Re: Preventing DHCP from allocating IPs
      ... Each segment is physically separate with a Linux ... unknown MAC addresses firstly don't get a DHCP ... >> wants access to your network, they will have to come to you to obtain ...
      (Security-Basics)
    • RE: Problems with Permissions
      ... For the "Network Configuration Wizard" not accessible issue, ... The DHCP not working properly issue may due to DNS not correctly ... ipconfig /all on SBS server, ...
      (microsoft.public.windows.server.sbs)
    • Re: networking private and public hosts questions
      ... some systmes in storage to create a test network. ... a WS to the child and attempted to pull an IP from the DHCP server, ...
      (microsoft.public.win2000.networking)
    • Re: Multiple IP Schemes for Different Buildings
      ... The linksys on your first network stays as it is, ... DHCP broadcast is on the local subnet only, ... router to forward internet traffic to your firewall. ... If each server has it's own DHCP server then I don't need to worry ...
      (microsoft.public.windows.server.general)
    • Re: Slow Network Speed from 2008 Server
      ... Network Adaptor properties which are a bit scary. ... I'm running AD on it as well as SQL Server 2005. ... that the DHCP didn't work. ...
      (microsoft.public.windows.server.networking)