RE: Preventing DHCP from allocating IPs

From: Chad Agate (cagate@tp.devry.edu)
Date: 12/06/02

    From: Chad Agate <cagate@tp.devry.edu>
    To: "'ssgill@gilltechnologies.com'" <ssgill@gilltechnologies.com>, Hasnain Atique <hatique@hasnains.com>, Rick Darsey <rdarsey@aims1.com>, jon kintner <jon.kintner@lvcm.com>, security-basics@securityfocus.com
    Date: Fri, 6 Dec 2002 11:57:59 -0600 
    
    

    We've set up a box running netreg http://www.netreg.org. This uses ISC Bind
    and DHCP with some scripts for automatic registration.

    Chad

    -----Original Message-----
    From: Sarbjit Singh Gill [mailto:ssgill@gilltechnologies.com]
    Sent: Friday, December 06, 2002 2:24 AM
    To: Hasnain Atique; Rick Darsey; jon kintner;
    security-basics@securityfocus.com
    Subject: RE: Preventing DHCP from allocating IPs

    In my scenarios, the problem is some people who walk into this company are
    visitors who come in with different laptops each time they walk in.
    Sometimes they are genuine visitors who have the right to use the LAN and
    sometimes these people are visitors who we do not trust or are first time
    visitors.

    Also the whole idea was to automate the process. Can the ISC dhcpd and dhcp
    log process be automated? I guess the matching of the MAC to the user will
    have to be very manual. And as I mentioned above, what happens if the dude
    shows up again a few days later with another laptop?

    and of course the smart people to worry about.

    Cheers
    Gill

    -----Original Message-----
    From: Hasnain Atique [mailto:hatique@hasnains.com]
    Sent: Friday, December 06, 2002 10:26 AM
    To: ssgill@gilltechnologies.com; Rick Darsey; jon kintner;
    security-basics@securityfocus.com
    Subject: Re: Preventing DHCP from allocating IPs

    What about configuring DHCP to assign IP addresses to known MAC addresses
    only? I know ISC dhcpd does this and have used it for a couple of clients.
    It was fairly easy to build a dhcpd.conf from the dhcp log file .. so no
    real headache with collecting MAC addresses for the initial configuration.
    But you may still want to match each MAC address to its owner before putting
    it in the config file.

    This still allows the smarter people to pick and choose an unused IP to
    bypass the DHCP mechanism altogether. There's a cycle-intensive solution:
    use iptables with MAC-matching for all known MACs.

    -- Hasnain

    ----- Original Message -----
    From: "Sarbjit Singh Gill" <ssgill@gilltechnologies.com>
    To: "Rick Darsey" <rdarsey@aims1.com>; "jon kintner" <jon.kintner@lvcm.com>;
    <security-basics@securityfocus.com>
    Sent: Thursday, December 05, 2002 7:14 AM
    Subject: RE: Preventing DHCP from allocating IPs

    > That was one of my options but seems like the Administrators did want to be
    > bothered every time somebody needed an IP.
    >
    > Gill
    >
    > -----Original Message-----
    > From: Rick Darsey [mailto:rdarsey@aims1.com]
    > Sent: Wednesday, December 04, 2002 4:05 AM
    > To: jon kintner; ssgill@gilltechnologies.com;
    > security-basics@securityfocus.com
    > Subject: RE: Preventing DHCP from allocating IPs
    >
    >
    >
    > I know this sounds like a really bad way of doing this, but it is the
    > only way I can come up with off the top of my head:
    >
    > Turn off DHCP!! Statically assign all addresses in your LAN. If a
    > visitor wants access to your network, they will have to come to you to
    > obtain the address, or better yet, create a small DHCP pool that
    > visitors can use, but limit the size to prevent users you do not want
    > from accessing the network. The initial setup of the static addresses
    > will take time, but the small DHCP pool will still allow visitors to
    > plug in when needed.
    >
    > Rick
    >
    > -----Original Message-----
    > From: jon kintner [mailto:jon.kintner@lvcm.com]
    > Sent: Monday, December 02, 2002 1:04 PM
    > To: ssgill@gilltechnologies.com; security-basics@securityfocus.com
    > Subject: Re: Preventing DHCP from allocating IPs
    >
    >
    > I know MAC addresses can be spoofed pretty easily, but could you set up
    > an access list or filter that would disallow all MAC addresses except
    > for the ones specified on your network(s)? The initial setup would
    > probably be tedious, but it's worked fairly well to keep most
    > unauthorized logins off the network at the college I attend.
    >
    > -jon kintner
    >
    > ----- Original Message -----
    > From: "Sarbjit Singh Gill" <ssgill@gilltechnologies.com>
    > To: <security-basics@securityfocus.com>
    > Sent: Monday, December 02, 2002 7:22 AM
    > Subject: Preventing DHCP from allocating IPs
    >
    >
    > > Greetings all,
    > >
    > > How do I prevent a client from getting an IP from my DHCP in an
    > > Ethernet network? I know I could reserve IPs for all other clients
    > > and nobody gets an IP unless reserved earlier, but I have hundreds of
    > > clients. I frequently have visitors who need to plug in their laptops
    > > into the network and I have visitors who are not allowed to plug in
    > > their laptops into the network and get IPs. I do not want these
    > > visitors who are not allowed to access the network to get an IP and
    > > start accessing internet through my network.
    > >
    > > What about in a wireless environment? How do I prevent it in a
    > > similar capacity?
    > >
    > > Kind Regards
    > > Gill
    > >
    >
    >
    >
    >
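
The approach Hasnain describes in the thread above (build a known-MAC dhcpd.conf from the DHCP log, but match each MAC to an owner first), as an added example that is not part of the original messages. The log lines, subnet, address range and owner list are constructed for illustration; `deny unknown-clients` and `hardware ethernet` are standard ISC dhcpd statements.

```python
import re

# Constructed sample of ISC dhcpd syslog lines (not from the original thread).
SAMPLE_LOG = """\
Dec  6 09:01:12 gw dhcpd: DHCPDISCOVER from 00:0c:29:aa:bb:01 (alice-pc) via eth0
Dec  6 09:01:13 gw dhcpd: DHCPACK on 192.168.1.101 to 00:0c:29:aa:bb:01 (alice-pc) via eth0
Dec  6 09:05:40 gw dhcpd: DHCPACK on 192.168.1.102 to 00:0C:29:AA:BB:02 via eth0
Dec  6 09:07:02 gw dhcpd: DHCPACK on 192.168.1.103 to 00:0c:29:aa:bb:03 (visitor) via eth0
Dec  6 10:15:30 gw dhcpd: DHCPACK on 192.168.1.101 to 00:0c:29:aa:bb:01 (alice-pc) via eth0
"""

# Hypothetical owner list: MACs an administrator has already matched to a person.
APPROVED = {"00:0c:29:aa:bb:01": "alice", "00:0c:29:aa:bb:02": "bob"}

ACK_RE = re.compile(r"DHCPACK on (\S+) to ((?:[0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2})")

def macs_from_log(log_text):
    """Return unique lower-cased MACs that received a lease, in first-seen order."""
    seen = []
    for line in log_text.splitlines():
        m = ACK_RE.search(line)
        if m and m.group(2).lower() not in seen:
            seen.append(m.group(2).lower())
    return seen

def build_conf(macs, approved):
    """Emit host entries for approved MACs; return (config_text, unreviewed_macs)."""
    hosts, unreviewed = [], []
    for mac in macs:
        if mac in approved:
            name = f"{approved[mac]}-{mac.replace(':', '')[-6:]}"
            hosts.append(f"host {name} {{ hardware ethernet {mac}; }}")
        else:
            unreviewed.append(mac)  # seen on the wire, but no owner on record
    subnet = (
        "subnet 192.168.1.0 netmask 255.255.255.0 {\n"
        "  pool {\n"
        "    range 192.168.1.100 192.168.1.200;\n"
        "    deny unknown-clients;  # lease only to MACs with a host entry\n"
        "  }\n"
        "}\n"
    )
    return subnet + "\n".join(hosts) + "\n", unreviewed

if __name__ == "__main__":
    conf, pending = build_conf(macs_from_log(SAMPLE_LOG), APPROVED)
    print(conf)
    print("# needs owner review before being added:", ", ".join(pending))
```
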


