Security Basics mailing list archives

RE: Blocking Access to Non-domain computers

From: "Andrew Shore" <andrew.shore () holistecs com>
Date: Wed, 1 Sep 2004 09:16:11 +0100

DHCP/BOOTP are broadcast protocols and are designed to respond to any client.

With out a lot of manual intervention, one thing these protocols are designed to avoid, you will not be able to achieve 
your goal.

Perhaps an authenticating proxy could resolve your problem?

Andy. 

-----Original Message-----
From: Alexandre Verriere [mailto:maxwell () nskb net] 
Sent: 30 August 2004 11:32
To: Brian Gehrke
Cc: security-basics () securityfocus com
Subject: Re: Blocking Access to Non-domain computers

Brian Gehrke a écrit :

I am running a W2K domain, using DHCP.  Is it possible to block 
non-domain computers from getting an IP address from the DHCP server, 
so they will not be able to access the Internet through the network.

Brian

You can do static ip adressing via your dhcp but mac spoofing is not so 
hard, il you're in need to
restrict acces to your proxy you may might want to do some 
authentification at the proxy gate (ntlm for ex).

Hope this helps...

-- 

                                ''~``
                               ( o o )
+------------------------.oooO--(_)--Oooo.-----------------------+
  
        Alexandre Verriere (Maxwell) - Http://www.nskb.net 


---------------------------------------------------------------------------
Computer Forensics Training at the InfoSec Institute. All of our class sizes
are guaranteed to be 12 students or less to facilitate one-on-one
interaction with one of our expert instructors. Gain the in-demand skills of
a certified computer examiner, learn to recover trace data left behind by
fraud, theft, and cybercrime perpetrators. Discover the source of computer
crime and abuse so that it never happens again.

http://www.infosecinstitute.com/courses/computer_forensics_training.html
----------------------------------------------------------------------------




---------------------------------------------------------------------------
Computer Forensics Training at the InfoSec Institute. All of our class sizes
are guaranteed to be 12 students or less to facilitate one-on-one
interaction with one of our expert instructors. Gain the in-demand skills of
a certified computer examiner, learn to recover trace data left behind by
fraud, theft, and cybercrime perpetrators. Discover the source of computer
crime and abuse so that it never happens again.

http://www.infosecinstitute.com/courses/computer_forensics_training.html
----------------------------------------------------------------------------

Current thread:

RE: Blocking Access to Non-domain computers Thomas TS (Aug 31)
- Re: Blocking Access to Non-domain computers Ansgar -59cobalt- Wiechers (Sep 02)
- Re: Blocking Access to Non-domain computers andreas (Sep 02)
- <Possible follow-ups>
- RE: Blocking Access to Non-domain computers Andrew Shore (Sep 02)
- Re: Blocking Access to Non-domain computers Faleh Daoud Abdel Monem (Sep 08)