Re: Dhcp security

From: Bauer, Henry (Henry.Bauer_at_lendingtree.com)
Date: 01/28/05

  • Next message: Miroslaw Slawek Chorazy: "RE: Preventing multiple logins in 2003" 
    To: Miroslaw Slawek Chorazy <mchorazy@depaul.edu>
Date: Fri, 28 Jan 2005 17:30:55 -0500

    Then the attacker will succeed in getting network access.

    MAC-based security will prevent casual compromise. For a determined
    physical attacker, you need something like 802.1x.

    On Fri, 2005-01-21 at 20:38 -0600, Miroslaw Slawek Chorazy wrote:
    > What if user manually alters the NIC and changes his/her NIC address to
    > that which was registered to and unplugged from the physical port?
    >
    > >>> "Bauer, Henry" <Henry.Bauer@lendingtree.com> 1/21/2005 09:43 >>>
    > A more comprehensive way to accomplish the same thing is ethernet MAC
    > locking your switch. Ciscos, at least, can be told to learn one MAC,
    > then if anything else is plugged in, it disables the port. You don't
    > have to configure each MAC. Manually disable any unused port.

    ---------------------------------------------------------------------------
    ---------------------------------------------------------------------------

  • Next message: Miroslaw Slawek Chorazy: "RE: Preventing multiple logins in 2003"

    Relevant Pages

    • Re: Wireless Network in Public Places Options
      ... and implement a static bridging table. ... >> allows traffic to one other ethernet port, ... source MAC addresses. ... Packets with no destination addresses such as broadcasts and DHCP ...
      (microsoft.public.win2000.networking)
    • Re: Scan for "outsider" Pcs on network
      ... can use is the MAC address. ... switch ports by MAC address does not secure one's Ethernet network. ... switch port set up to only accept their mac address. ... OpenBSD Box (SOB) set up as a bridge.He drops it inline with the ...
      (Focus-IDS)
    • Re: Its War!
      ... they know which port is doing what. ... Once they have that MAC address, ... security seriously, they have tied your MAC address to you. ... log into the router for Internet, the mere fact that you can get ...
      (microsoft.public.windowsxp.general)
    • Re: Anybody in Australia willing to sub-hire me? (was: How best to implement HashCons in user
      ... Mac DIN-8 serial ports have only 3 handshake lines - they support ... set in the control panel serial port applet. ... You mean do hardware set on the Mac end of the cable, the modem ... and inside the modem via DCHayes command? ...
      (comp.lang.lisp)
    • Re: port-security and IP Phones
      ... In fact the MAC address was still known on that port ... switchport port-security aging type inactivity ...
      (comp.dcom.sys.cisco)