RE: Preventing DHCP from allocating IPs

From: Jimmy Sansi (jsansi@ritzfoodservice.com)
Date: 12/02/02

  • Next message: Chris Berry: "Re: Survey: Chat and IM" 
    Date: Mon, 2 Dec 2002 11:06:06 -0800
To: <ssgill@gilltechnologies.com>, <security-basics@securityfocus.com>
From: "Jimmy Sansi" <jsansi@ritzfoodservice.com>

    Not being able to distinguish between a valid client or
    not from a network perspective makes it pretty hard. You can
    easily stop this accross the board (with a router, etc).

    It may be a bit more of a hassle but if you know the valid
    clients MAC address ahead of time you could filter out that
    way as well. However its not foolproof against a malicious
    person intent on gaining access.

    In regards to wireless, outside from the above I have seen
    implementations that use a VPN connection that must be
    established before you can access any network resources.

    -Jimmy

    -----Original Message-----
    From: Sarbjit Singh Gill [mailto:ssgill@gilltechnologies.com]
    Sent: Monday, December 02, 2002 10:46 AM
    To: security-basics@securityfocus.com
    Subject: Preventing DHCP from allocating IPs

    Greetings all,

    How do i prevent a client from getting an IP from my DHCP in an Ethernet
    network. I know i could reserve IPs for all other clients and nobody gets an
    IP unless reserved earlier, but i have hundreds of clients. I frequently
    have visitors who need to plug in their laptops into the network and i have
    visitors who are not allowed to plug in their laptops into the network and
    get IPs. I do not want these visitors who are not allowed to access the
    network to get an IP and start accessing internet through my network.

    What about in a wireless environment. How do i prevent it in a similar
    capacity.

    Kind Regards
    Gill

    Relevant Pages

    • Re: Vista clients became unresponsive after network move
      ... was mentioned that DHCP wasn't used, ... used, and all clients are static and incorrectly configured, I can ... network connection. ... IPs are static assigned IPs in 192.168.x.x range. ...
      (microsoft.public.windows.server.networking)
    • Re: Vista clients became unresponsive after network move
      ... was mentioned that DHCP wasn't used, ... used, and all clients are static and incorrectly configured, I can ... All other IPs are ... network connection. ...
      (microsoft.public.windows.server.networking)
    • Re: IP address assignment problem
      ... I have a little problem and seek for ur thoughts, let's assume I'm in a very open environment where everyone can very easily try to get his/her laptop on the network and IP addresses are assigned by a DHCP server and we are in a domain environment, how do I prevent machines that are not part of our domain to be assigned an IP address? ... This approach doesn't stop your rogue clients from connecting to other clients, but merely doesn't give them the information they normally need to do so. ... Using 802.1x, your workstations authenticate through the switch to a radius server before they are allowed any connectivity. ... This authentication can use X.509 certificates, computer account credentials from AD, or whatever else you'd normally configure radius to authenticate with. ...
      (Focus-Microsoft)
    • RE: Dropped Client Connections
      ... I understand that the SBS clients will lose ... Do all clients lose network connection at same time? ... Do you have single or double NICs on SBS? ... Modify the registry to disable Receive Side Scaling ...
      (microsoft.public.windows.server.sbs)
    • Re: Please help me "sell" the idea of a more secure network
      ... changes first should bring the network up a notch or two. ... Do the same thing using a wireless notebook from you company. ... show him a PO or invoice for a customer who had an AV ... products, releases, life cycles, etc, all on the individual clients. ...
      (microsoft.public.win2000.active_directory)
    Loading