Re: Nmap questions concering my router

From: Volker Birk (bumens_at_dingens.org)
Date: 08/21/05

• Next message: Sam: "ZA6 (Free)+ezAV vs. ZAAV"
• Previous message: Nicky: "Re: Nmap questions concering my router"
• In reply to: Nicky: "Re: Nmap questions concering my router"
• Next in thread: Nicky: "Re: Nmap questions concering my router"
• Reply: Nicky: "Re: Nmap questions concering my router"
• Reply: Moe Trin: "Re: Nmap questions concering my router"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Date: 21 Aug 2005 18:56:25 +0200

Nicky <hackeras@gmail.com> wrote:
> > DHCP can be made more secure, with extra work on the server application
> > that can only be done on-site (example, in your house), but this requires
> > more skills. My opinion is that it is easier to set up hard (static)
> > addresses on each computer than to set up DHCP securely. The seven
> > computers in my house are all done that way, as are the more than 1800
> > systems where I work.
> As i asekd before i dont really understand what amkes a DHCP server
> unsecure.

A basic DHCP setup will not do to be secure against spoofing.

DHCP security related options like i.e. IEEE 802.1X / RADIUS are required
to be secure against such attacks.

And this requests to have IEEE 802.1X in the switch and a RADIUS server
up and running. This is more complicated that a simple DHCP setup.

BTW: static addresses are not secure against spoofing either ;-)

Yours,
VB.

-- 
"Es kann nicht sein, dass die Frustrierten in Rom bestimmen, was in
deutschen Schlafzimmern passiert".
                                    Harald Schmidt zum "Weltjugendtag"

---

• Next message: Sam: "ZA6 (Free)+ezAV vs. ZAAV"
• Previous message: Nicky: "Re: Nmap questions concering my router"
• In reply to: Nicky: "Re: Nmap questions concering my router"
• Next in thread: Nicky: "Re: Nmap questions concering my router"
• Reply: Nicky: "Re: Nmap questions concering my router"
• Reply: Moe Trin: "Re: Nmap questions concering my router"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Relevant Pages Re: DHCP lease to Domain members only ... server so that it only gives IP's out to those computers whose computer ... accounts are registered in the Active Direcory? ... DHCP is a promiscuous service that is neither specific to ... get one -- it's not truly secure but will stop causal abuse. ... (microsoft.public.windows.server.active_directory) Re: DHCP and DNS dynamic registration ... I think I have set in the DNS server to take both secure and non secure. ... I guess in the other domain where DHCP is not authorized, ... (microsoft.public.windows.server.general) Re: Overwrite existing secure dns update with third part DHCP servers, is it possible? ... When used, this allows DHCP to register the record, but also ... Microsoft MVP (Windows Server System: ... > We have configured the DNA server to allow non secure and secure updates. ... (microsoft.public.windows.server.dns) Re: Overwrite existing secure dns update with third part DHCP servers, is it possible? ... When used, this allows DHCP to register the record, but also ... Microsoft MVP (Windows Server System: ... > We have configured the DNA server to allow non secure and secure updates. ... (microsoft.public.win2000.dns) Re: WPA and DHCP ... On our office network (Active Directory, DHCP, DNS etc) we have three ... WPA is still secure with a strong passphrase. ... John Navas FAQ for Wi-Fi: ... (alt.internet.wireless)

---

• Security
• UNIX
• Linux
• Coding
• Usenet

• News
• Mailing-Lists
• Newsgroups
• Service
• About
• Privacy
• Search
• Imprint

www.derkeiler.com  > Newsgroups  > comp.security.firewalls  > 2005-08