Re: Filtering DHCP Assignments by MAC Address
From: Justin Pryzby (justinpryzby_at_users.sf.net)
Date: 06/23/03
- Previous message: Marc Fossi: "SecurityFocus Microsoft Newsletter #142"
- Maybe in reply to: Jake Frost: "Filtering DHCP Assignments by MAC Address"
- Next in thread: Justin Pryzby: "Re: Filtering DHCP Assignments by MAC Address"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Mon, 23 Jun 2003 11:05:55 -0700 To: Stuart Fox <StuartF@datacom.co.nz>, focus-ms@securityfocus.com, jakefr0st@hotmail.com
You can set up users' default gateway to reject unregistered ip
addresses. I know of at least 2 universities that do this. The
gateway redirects tcp:80 requests to http://start/, which is a page
that says prompts for username,passwd, and detects mac address.
In this case, a static IP would also fail. However, users can still
spoof their mac address. Or rewrite the network card's EEPROM.
But they're not supposed to know that.
Justin
On Mon, Jun 23, 2003 at 07:25:05PM +0000, Stuart Fox wrote:
>
> Assuming you do that, what's to stop someone plugging in with a static IP
> address and getting around whatever restrictions you have in place?
>
> By assigning by MAC address you've just transferred your problem of keeping
> track of IP addresses to keeping track of MAC addresses & IP addresses. You
> might as well go back to static IP in that instance.
>
> Cheers
>
> Stu
>
> > -----Original Message-----
> > From: Jake Frost [mailto:jakefr0st@hotmail.com]
> > Sent: Friday, 20 June 2003 9:51 a.m.
> > To: FOCUS-MS@SECURITYFOCUS.COM
> > Subject: Filtering DHCP Assignments by MAC Address
> >
> >
> > We have just converted to DHCP and would like to limit the
> > ability of people
> > to plug in to the network without authorization. In Win2K is
> > it possible to
> > limit DHCP assignments by MAC address or some other mechanism
> > to keep rogue
> > machines out? My server admins have been researching this
> > but can't find a
> > method to achieve what we want. Thanks.
> >
> > Jake
> >
> > _________________________________________________________________
> > MSN 8 helps eliminate e-mail viruses. Get 2 months FREE*.
> > http://join.msn.com/?page=features/virus
> >
> >
> > --------------------------------------------------------------
> > ---------------
> > --------------------------------------------------------------
> > ----------------
> >
>
> -----------------------------------------------------------------------------
> ------------------------------------------------------------------------------
>
-----------------------------------------------------------------------------
------------------------------------------------------------------------------
- Previous message: Marc Fossi: "SecurityFocus Microsoft Newsletter #142"
- Maybe in reply to: Jake Frost: "Filtering DHCP Assignments by MAC Address"
- Next in thread: Justin Pryzby: "Re: Filtering DHCP Assignments by MAC Address"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
