Re: Static IP Vs DHCP
From: Moe Trin (ibuprofin_at_painkiller.example.tld)
Date: 03/01/05
- Next message: T. Sean Weintz: "Re: Static IP Vs DHCP"
- Previous message: Moe Trin: "Re: Static IP Vs DHCP"
- Maybe in reply to: Moe Trin: "Re: Static IP Vs DHCP"
- Next in thread: T. Sean Weintz: "Re: Static IP Vs DHCP"
- Reply: T. Sean Weintz: "Re: Static IP Vs DHCP"
- Reply: david20_at_alpha2.mdx.ac.uk: "Re: Static IP Vs DHCP"
- Reply: Walter Roberson: "Re: Static IP Vs DHCP"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Tue, 01 Mar 2005 16:46:25 -0600
In article <d01qrj$aio$1@news.mdx.ac.uk>, david20@alpha2.mdx.ac.uk wrote:
>The DHCP servers can generally be configured to keep logs of which IP address
>was given out to which machine (MAC address) at what time and when the address
>was given up.
True, but
1. How many do?
2. How many people have a current database of which MAC is in which computer
and where is that computer? (We do, but we're paranoid.)
>Whether these are private or public addresses has no bearing on whether or not
>to use DHCP.
My point is that the abundance of private addresses eliminates the need for
address sharing/reuse. It's one of the justifications cited in RFC1918.
RFC1531 was written (and quickly replaced by RFC1541) to use BOOTP protocol
for dynamic allocation of reusable network addresses in October 1993. Private
addresses were first proposed in RFC1597 (March 1994), contested in RFC1627
in July 1994, and finally standardized in RFC1918 in February 1996. The DHCP
author was at Bucknell University (a small private school in Lewisburg PA),
though the Dynamic Host Configuration Working Group of the IETF had members
from much larger schools, and industry. Bucknell actually had a /16 assigned
to them in 1989, but only have about 4000 students and staff, so I'm not sure
why they would need reusable addresses. Prior to Microsoft's invention of DHCP,
the majority of uses were re-use. In both RFC1541 and RFC2131 which replaced
it, section 7 clearly recognizes (and states that) the protocol is insecure.
>If you have a class C network then why not use it.
Actually, we have several, but we also have around 2000 systems. Their
access to the Internet is intentionally limited, but is mainly through
proxy servers. Most of the public IPs are used in the DMZ.
>NAT is not a security solution see previous posts to this group.
[compton ~]$ /sbin/ifconfig eth0 | grep inet | cut -d':' -f2 | cut -d' ' -f1
192.168.1.126
[compton ~]$
OK, I'll open telnet on this box. Can you connect? True, users doing
stupid things is a bigger problem, and we try to reduce it through the
use of proxy servers and whatnot. But one problem we _don't_ have is
skript kiddiez trying to hack their way in through the users' systems.
NAT means they can't initiate a connection, because the NAT box won't
permit this.
>NAT can cause problems with certain applications.
If not implemented correctly, yes. And whose problem is that?
>Pretty standard in large organisations.
>Not everyone uses a PC all the time.
About the only systems not "in use" around here during the normal workday
are the systems used by people on vacation, out sick, etc., and the spares
in storage. Are they actively typing commands/data/whatever all the time?
I doubt it. Would productivity suffer if they all didn't have their
computers on their desk? Absolutely.
Old guy
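
The lookup debated at the top of this message (DHCP server logs recording which MAC held which IP and when, joined to a MAC inventory) is sketched below as an added example; it is not part of the original post. The log lines are constructed in ISC dhcpd syslog style, and the inventory, the 4-hour lease time and the function names are assumptions.

```python
import re
from datetime import datetime, timedelta

LEASE = timedelta(hours=4)  # assumed lease time; take the real one from the server config

# Constructed sample lines in ISC dhcpd syslog style (not from the original post).
SAMPLE_LOG = """\
2005-03-01T08:02:11 dhcpd: DHCPACK on 192.168.1.126 to 00:0c:29:aa:bb:01 (ws-014) via eth0
2005-03-01T11:30:40 dhcpd: DHCPRELEASE of 192.168.1.126 from 00:0c:29:aa:bb:01 (ws-014) via eth0 (found)
2005-03-01T13:05:02 dhcpd: DHCPACK on 192.168.1.126 to 00:0c:29:aa:bb:02 via eth0
2005-03-01T15:05:02 dhcpd: DHCPACK on 192.168.1.126 to 00:0c:29:aa:bb:02 via eth0
"""

# Constructed MAC inventory: which machine, and where it sits.
INVENTORY = {"00:0c:29:aa:bb:01": ("ws-014", "Bldg 2, room 117")}

LINE = re.compile(
    r"^(\S+) dhcpd: (DHCPACK on|DHCPRELEASE of) (\S+) (?:to|from) ([0-9a-f:]{17})")

def lease_intervals(log_text, lease=LEASE):
    """Return [(ip, mac, start, end)] holding periods rebuilt from ACK/RELEASE lines."""
    open_, done = {}, []                      # open_: ip -> [mac, start, last_ack]
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue
        ts, event, ip, mac = datetime.fromisoformat(m[1]), m[2], m[3], m[4]
        cur = open_.get(ip)
        if event.startswith("DHCPRELEASE"):
            if cur and cur[0] == mac:
                done.append((ip, mac, cur[1], ts))
                del open_[ip]
        elif cur and cur[0] == mac and ts <= cur[2] + lease:
            cur[2] = ts                       # renewal extends the same holding
        else:
            if cur:                           # old holder never released: lease ran out
                done.append((ip, cur[0], cur[1], min(cur[2] + lease, ts)))
            open_[ip] = [mac, ts, ts]
    for ip, (mac, start, last) in open_.items():
        done.append((ip, mac, start, last + lease))
    return done

def who_had(ip, when, intervals, inventory=INVENTORY):
    """Map (ip, time) to (mac, inventory record or None when the MAC is not inventoried)."""
    for i_ip, mac, start, end in intervals:
        if i_ip == ip and start <= when < end:
            return mac, inventory.get(mac)
    return None
```

A result whose second element is None is the case question 2 above is about: the log names a MAC, but nothing says which computer that is or where it sits.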