Re: Security of IP addresses assgined by DHCP

From: Eric Chamberlain (eric_james_chamberlain@hotmail.com)
Date: 03/07/03


From: "Eric Chamberlain" <eric_james_chamberlain@hotmail.com>
Date: Thu, 6 Mar 2003 19:00:01 -0800


Look for network devices that support 802.1x. DHCP is not designed to
provide any security. The user could also guess at an available IP address
or sniff the network and figure out what IP address to use. 802.1x allows
the network devices to block the network traffic at the switch port or
wireless AP, if the connected device fails to authenticate.

"Jim" <jim.garrett@lifeway.com> wrote in message
news:03a801c2e3f4$3b5e33f0$3001280a@phx.gbl...
> We have been wrestling with the issue of the use of DHCP
> and the ability for any outside system once inside the
> building and configured for DHCP being able to connect to
> our network. We are examing policy concerning wireless
> access, yet for any contractor/vendor allowed in the
> building they can connect any non-corporate approved
> device to the network and receive access via DHCP.
>
> Are their any DHCP configurations/software available that
> would allow for some kind of "inspection" of the device
> requesting an IP address from a DHCP server, and determine
> if indeed this device is "approved" to receive an IP
> address? I'm aware of techniques to utilize MAC addresses,
> but this seems to potentially be an administration
> nightmare.
>
> Thanks
>
> Jim



Relevant Pages

  • Re: networking private and public hosts questions
    ... some systmes in storage to create a test network. ... a WS to the child and attempted to pull an IP from the DHCP server, ...
    (microsoft.public.win2000.networking)
  • Re: A little FYI
    ... > fix for a different problem or end up making the same configuration ... Maybe faulty network equipment, ... > to look at what might interfere with DHCP. ... you were not here as I was trying to get the card to stay ...
    (comp.security.firewalls)
  • Re: Preventing DHCP from allocating IPs
    ... Each segment is physically separate with a Linux ... unknown MAC addresses firstly don't get a DHCP ... >> wants access to your network, they will have to come to you to obtain ...
    (Security-Basics)
  • Cable Connectivity
    ... address for the Network Card with network address 00402B2F688C. ... The DHCP Client service on your computer did not receive a response ... If connection with the network is not established using this APIP ... the DHCP Client service will try to contact the DHCP server ...
    (microsoft.public.windowsxp.general)
  • Re: Cable Connectivity
    ... > address for the Network Card with network address 00402B2F688C. ... > The DHCP Client service on your computer did not receive a response ... > If connection with the network is not established using this APIP ... the DHCP Client service will try to contact the DHCP server ...
    (microsoft.public.windowsxp.general)