Security Basics mailing list archives
Re: DHCP
From: John Bailey <rekkanoryo () rekkanoryo org>
Date: Fri, 22 May 2009 12:52:49 -0400
Doug McFarland wrote:
Hi all, I am looking for a way to block any PC that plugs into my network that is not authorized to access any network resources-servers, firewalls, etc. Is there a way in DHCP that I can add reservations just for the PCs that I want to allow the network resources and any other pc/laptop that happens to be plugged into the network either doesn't get an IP address, gets a dummy IP address, or something else? I've heard Windows Server 2008 can do this, but I'm not sure about 2003. Any suggestions would be greatly appreciated. Best regards, djm
You can create reservations for every client, sure. If you have no addresses in the scope that are not excluded for reservations, additional clients will not be able to obtain an IP address. That has only limited usefulness, though, as anyone with sufficient clue can modify their MAC address to match one of the existing clients and plug in in its place. For a Linux user, it's trivial--"ifconfig eth0 hw ether xx:xx:xx:xx:xx:xx", and for other OSes it's only somewhat more difficult. John
Attachment:
signature.asc
Description: OpenPGP digital signature
Current thread:
- DHCP Doug McFarland (May 22)
- Re: DHCP Shreyas Zare (May 22)
- Message not available
- Re: DHCP Shreyas Zare (May 22)
- Message not available