Security Basics mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Down with DHCP!!!!

From: Gunnar Wolf <gwolf () gwolf org>
Date: Sat, 25 Feb 2006 11:16:48 -0600
Andreas Hell dijo [Wed, Feb 22, 2006 at 08:11:06AM +0100]:

Just a 2p thought:


My suggestion would be to use DHCP with MAC-based reservations.  


Isn't it right that any wannebe hacksor can easily spoof his/her
mac-address to let it look like an "authorised" one? And wouldn't this
mean that the only barrier to get an IP is to choose/find a correct
mac-address, which might be done by sniffing the network or something
alike? If so, giving away Ips based on mac-addresses doesn't look too
secure to me, does it?


Exactly. Using DHCP this way helps you with administration, but is not
a security measure. It just gets you a little bit better security than
not having DHCP and thus no real control on who has which address. 

-- 
Gunnar Wolf - gwolf () gwolf org - (+52-55)5623-0154 / 1451-2244
PGP key 1024D/8BB527AF 2001-10-23
Fingerprint: 0C79 D2D1 2C4E 9CE4 5973  F800 D80E F35A 8BB5 27AF

---------------------------------------------------------------------------
EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE
The Norwich University program offers unparalleled Infosec management 
education and the case study affords you unmatched consulting experience. 
Tailor your education to your own professional goals with degree 
customizations including Emergency Management, Business Continuity Planning, 
Computer Emergency Response Teams, and Digital Investigations. 

http://www.msia.norwich.edu/secfocus
---------------------------------------------------------------------------
Previous By Date Next
Previous By Thread Next

Current thread: