Re: Setting specific IP address?

From: Michael Pelletier (mjpelletier_at_mjpelletier.com)
Date: 05/11/05

  • Next message: Michael Pelletier: "Re: Setting specific IP address?"
    Date: Tue, 10 May 2005 19:30:38 -0700
    
    

    nemo_outis wrote:

    > Winged <Winged@nofollow.com> wrote in
    > news:897b6$42815b5e$18d6d844$24764@KNOLOGY.NET:
    >
    > ...snip...
    >> Of course you can allow only registered MACs to gain an address and
    >> use DHCP. Is it required, probably not, but it can make life easier
    >> especially with geographically dispersed networks. Since you also
    >> have to register the host to the domain this information can be easily
    >> gathered at the same time you are setting certificates and gathering
    >> host, license and inventory information within your netinit script.
    >>
    >> In a large network it is sometimes fun finding that duplicate IP that
    >> someone (I won't pick on our help desk personnel) set erroneously.
    >> Especially if the subnet is geographically dispersed across several
    >> buildings. Usually requires trapping the IP to trace the IP through
    >> the switch and identify the wire and cable box the wire is attached
    >> to. Information can be gathered through SMS though with groups moving
    >> around frequently static IP's can be a hassle. It can be managed, but
    >> DHCP can be used relatively securely an reduces the management
    >> overhead and the pain in movement. By relying on MAC management,
    >> instead of IP management, it can make certain misbehaviors easier to
    >> identify. Aliens on the network issues disappear. While for various
    >> reasons certain hosts must have IPs reserved we have never had a
    >> serious security issue with DHCP, not saying it couldn't happen....
    >>
    >> Winged
    >>
    >
    >
    > Every bit helps. However, it is trivial to spoof MACs.
    >
    > Regards,

    True both MAC and IP spoofing is quite trivial...and quite lethal if you
    know what you are doing...

    ...the long term solution is 802.1x but vendor support has been slow...

    Michael

    -- 
    "Trusted Computing" is a SCAM
    http://www.gnu.org/philosophy/can-you-trust.html
    Protect your rights
    http://www.eff.org/
    http://www.publicknowledge.org/
    

  • Next message: Michael Pelletier: "Re: Setting specific IP address?"

    Relevant Pages

    • Re: Setting specific IP address?
      ... > Of course you can allow only registered MACs to gain an address and ... > DHCP can be used relatively securely an reduces the management ... it is trivial to spoof MACs. ...
      (alt.computer.security)
    • Re: Setting specific IP address?
      ... >>Of course you can allow only registered MACs to gain an address and ... >>DHCP can be used relatively securely an reduces the management ... By relying on MAC management, ...
      (alt.computer.security)
    • DHCP or not - whats happening?
      ... (previously they just used DHCP). ... Eventually I noticed that the router could reserve IP addresses based on ... so I told it the Macs' MACs and ... eg the router normally doles out 192.168.0.2 -> .7ish ...
      (uk.comp.sys.mac)
    • Re: WRT54G and Static Clients
      ... assign certain IP's to certain MACs (or hostnames)? ... And then exclude those IP's from the DHCP pool? ... Use 3rd-party software such as openWRT or DD-WRT on your WRT54G. ...
      (alt.internet.wireless)
    • Re: Microsoft DHCP and Client Macintosh
      ... Are necessary the services macintosh install to you on the DHCP? ... Your Macs can acquire IP addresses via DHCP just as a Windows client does. ... I don't know of anything in DHCP you can configure to exclude Mac clients, ...
      (microsoft.public.win2000.macintosh)