-----Original Message-----
From: listbounce@xxxxxxxxxxxxxxxxx [mailto:listbounce@xxxxxxxxxxxxxxxxx]
On Behalf Of John Bailey
Sent: Friday, 22 May 2009 12:53
To: Doug McFarland
CC: security-basics@xxxxxxxxxxxxxxxxx
Subject: Re: DHCP

Doug McFarland wrote:
Hi all,

I am looking for a way to block any PC that plugs into my network and
is not authorized to access any network resources (servers, firewalls,
etc.). Is there a way in DHCP that I can add reservations just for the
PCs that I want to allow the network resources, and any other PC
that happens to be plugged into the network either doesn't get an IP
address, gets a dummy IP address, or something else? I've heard
Windows Server 2008 can do this, but I'm not sure about 2003. Any
suggestions would be greatly appreciated.

Best regards,


You can create reservations for every client, sure. If you have no
addresses in the scope that are not excluded for reservations,
additional clients will not be able to obtain an IP address. That has
only limited usefulness, though, as anyone with sufficient clue can
modify their MAC address to match one of the existing clients and plug
in in its place. For a Linux user, it's trivial--"ifconfig eth0 hw
ether xx:xx:xx:xx:xx:xx", and for other OSes it's only somewhat more
Step 1: create a DHCP server with information about your "registered"
MACs; this server will send IP addresses and parameters to configure the
*authorized* clients.
Step 2: create a second DHCP server with information about a
nonexistent network (another IP scope), several parameters, and, this is
the important part, a DNS record for a nonexistent server whose route is
found inside your network (let's say an internal machine which is not
configured); now you can obtain a list of the MACs registered with this
Step 3: take as input the *decoy MAC* address list and send them a
FIN frame every 5 minutes.
Step 4: You can take a look at your firewall's internal interface for the
MAC addresses coming from inside your network. You can sort this list and
remove the *authorized* MAC addresses, according to the information actually
kept from Step 1.
Step 5: Add the addresses that remain in the list of Step 4 and go back to
Step 3.

It's done.

I hope this could help.
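As an added example, not code from any poster in this thread: the check from Step 4 above (observed MACs on the firewall's internal interface minus the "registered" list from Step 1), plus the caveat John raises about MAC cloning, since a reservation cannot tell a cloned MAC from the real one but seeing the same MAC on two switch ports at once can. The registered list, the observation lines and the port names are constructed sample data.

```python
import re
from collections import defaultdict

MAC_RE = re.compile(r"^(?:[0-9a-f]{2}:){5}[0-9a-f]{2}$")

# Constructed sample: the "registered" MACs that hold DHCP reservations (Step 1).
AUTHORIZED = {"00:11:22:33:44:55", "00-11-22-33-44-66"}

# Constructed sample of what the firewall's internal interface sees (Step 4):
# one "ip mac ingress_port" entry per line, as a switch/firewall would export it.
OBSERVED_LINES = """
192.168.1.10  00:11:22:33:44:55  port3
192.168.1.11  00-11-22-33-44-66  port4
192.168.1.50  0a:bb:cc:dd:ee:ff  port7
192.168.1.10  00:11:22:33:44:55  port9
""".strip().splitlines()


def normalize_mac(mac: str) -> str:
    """Lower-case, colon-separated form so 00-11-22-AA-BB-CC == 00:11:22:aa:bb:cc."""
    m = mac.strip().lower().replace("-", ":")
    if not MAC_RE.match(m):
        raise ValueError(f"not a MAC address: {mac!r}")
    return m


def parse_observations(lines):
    """Return (ip, mac, port) tuples with normalized MACs."""
    out = []
    for line in lines:
        ip, mac, port = line.split()
        out.append((ip, normalize_mac(mac), port))
    return out


def unauthorized_macs(observations, authorized):
    """Step 4: MACs seen on the wire that have no reservation."""
    allowed = {normalize_mac(m) for m in authorized}
    return sorted({mac for _, mac, _ in observations if mac not in allowed})


def cloned_macs(observations):
    """A MAC present on more than one port at once is a likely clone of a reserved MAC."""
    ports = defaultdict(set)
    for _, mac, port in observations:
        ports[mac].add(port)
    return {mac: sorted(p) for mac, p in ports.items() if len(p) > 1}


if __name__ == "__main__":
    obs = parse_observations(OBSERVED_LINES)
    print("unregistered:", unauthorized_macs(obs, AUTHORIZED))
    print("possible clones:", cloned_macs(obs))
```

The unregistered list is the input to Step 5; the clone report is what a reservation-only scheme would never surface.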
