RE: Blocking Access to Non-domain computers
From: Dan and Liz Boyson (dobandewb_at_juno.com)
Date: 08/29/04
- Previous message: P S: "e-mail tracing"
- In reply to: Steven A. Fletcher: "RE: Blocking Access to Non-domain computers"
- Next in thread: Steven A. Fletcher: "RE: Blocking Access to Non-domain computers"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
To: "'Steven A. Fletcher'" <sfletcher@integrityts.com>, "'Andreas'" <andreas@inferno.nadir.org>, <security-basics@securityfocus.com> Date: Sat, 28 Aug 2004 16:39:50 -0700
Another way to approach this might be to let them have an ip address, but
then deny them the use of a different IP service (maybe DNS?) so though they
had an ip address, it was essentially useless.
Daniel Boyson
-----Original Message-----
From: Steven A. Fletcher [mailto:sfletcher@integrityts.com]
Sent: Tuesday, August 24, 2004 9:54 PM
To: Andreas; security-basics@securityfocus.com
Subject: RE: Blocking Access to Non-domain computers
That is the only option I can think of. If you think about it, how could
you keep non-domain computers from getting an IP address? As far as I know,
there is no provision in DHCP for such control. For the system to determine
whether or not to give the machine an address, the machine would need to be
able to communicate with the domain controllers, which would require an IP
address for the communication to be able to happen.
Steve Fletcher
Senior Network Engineer, MCSE (NT4/Win2k), HP Master ASE, CCNA,
Security+
Integrity Technology Solutions
Phone: (309)664-8129
Toll Free: (888) 764-8100 ext. 129
Fax: (309) 662-6421
sfletcher@integrityts.com
-----Original Message-----
From: Andreas [mailto:andreas@inferno.nadir.org]
Sent: Monday, August 23, 2004 2:16 PM
To: security-basics@securityfocus.com
Subject: Re: Blocking Access to Non-domain computers
Hello,
On Thursday 19 August 2004 16:58, Brian Gehrke wrote:
> I am running a W2K domain, using DHCP. Is it possible to block
> non-domain computers from getting an IP address from the DHCP server,
so
> they will not be able to access the Internet through the network.
is dhcp by mac address (which of course can easily be spoofed)
an option?
regards,
andreas
------------------------------------------------------------------------
--- Computer Forensics Training at the InfoSec Institute. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors. Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse so that it never happens again. http://www.infosecinstitute.com/courses/computer_forensics_training.html ------------------------------------------------------------------------ ---- --------------------------------------------------------------------------- Computer Forensics Training at the InfoSec Institute. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors. Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse so that it never happens again. http://www.infosecinstitute.com/courses/computer_forensics_training.html ---------------------------------------------------------------------------- --------------------------------------------------------------------------- Computer Forensics Training at the InfoSec Institute. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors. Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse so that it never happens again. http://www.infosecinstitute.com/courses/computer_forensics_training.html ----------------------------------------------------------------------------
- Previous message: P S: "e-mail tracing"
- In reply to: Steven A. Fletcher: "RE: Blocking Access to Non-domain computers"
- Next in thread: Steven A. Fletcher: "RE: Blocking Access to Non-domain computers"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
