Security Basics mailing list archives

Re: DHCP


From: John Bailey <rekkanoryo () rekkanoryo org>
Date: Fri, 22 May 2009 12:52:49 -0400

Doug McFarland wrote:
> Hi all,
>
> I am looking for a way to block any PC that plugs into my network that is
> not authorized to access any network resources - servers, firewalls, etc. Is
> there a way in DHCP that I can add reservations just for the PCs that I want
> to allow the network resources and any other PC/laptop that happens to be
> plugged into the network either doesn't get an IP address, gets a dummy IP
> address, or something else? I've heard Windows Server 2008 can do this, but
> I'm not sure about 2003. Any suggestions would be greatly appreciated.
>
> Best regards,
>
> djm

You can create reservations for every client, sure.  If you have no addresses in
the scope that are not excluded for reservations, additional clients will not be
able to obtain an IP address.  That has only limited usefulness, though, as
anyone with sufficient clue can modify their MAC address to match one of the
existing clients and plug in in its place.  For a Linux user, it's
trivial--"ifconfig eth0 hw ether xx:xx:xx:xx:xx:xx", and for other OSes it's
only somewhat more difficult.

John
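
The limitation described in the reply above can at least be monitored for. The following is an added example, not part of the original message or thread: it compares DHCP lease events against the reservation table and flags a reserved MAC that shows up under a different host name, as well as any lease to an unreserved MAC. The seven-column audit log layout, the event IDs, and all host names, addresses and MACs are assumptions constructed for illustration.

```python
import csv
import io

# Constructed reservation table: MAC (no separators, upper case) -> expected host name.
RESERVATIONS = {
    "001A2B3C4D5E": "ACCT-PC01",
    "001A2B3C4D5F": "ACCT-PC02",
}

# Constructed sample, assuming a seven-column DHCP audit log layout:
# ID,Date,Time,Description,IP Address,Host Name,MAC Address
SAMPLE_LOG = """\
10,05/22/09,09:01:12,Assign,192.168.10.21,ACCT-PC01.corp.example,001A2B3C4D5E
11,05/22/09,09:30:40,Renew,192.168.10.22,ACCT-PC02.corp.example,001a2b3c4d5f
10,05/22/09,11:47:03,Assign,192.168.10.21,ubuntu-laptop,001A2B3C4D5E
10,05/22/09,11:52:19,Assign,192.168.10.50,visitor-pc,00AABBCCDDEE
"""

LEASE_EVENT_IDS = {"10", "11"}  # assumed: 10 = new lease, 11 = renewal


def short_name(host):
    """Compare on the unqualified, case-insensitive host name."""
    return host.split(".")[0].strip().upper()


def find_anomalies(log_text, reservations):
    """Return (time, mac, reason) tuples for leases that do not match the baseline."""
    findings = []
    for row in csv.reader(io.StringIO(log_text)):
        if len(row) < 7 or row[0].strip() not in LEASE_EVENT_IDS:
            continue  # header lines, service events, malformed rows
        when = f"{row[1]} {row[2]}"
        host = row[5]
        mac = row[6].strip().upper().replace(":", "").replace("-", "")
        expected = reservations.get(mac)
        if expected is None:
            findings.append((when, mac, f"lease to unreserved MAC (host {host!r})"))
        elif short_name(host) != short_name(expected):
            findings.append((when, mac, f"reserved for {expected}, presented as {host!r}"))
    return findings


if __name__ == "__main__":
    for finding in find_anomalies(SAMPLE_LOG, RESERVATIONS):
        print(*finding, sep="  ")
```

The host name field is supplied by the client, so a match proves nothing; treat a mismatch as a tripwire worth investigating, not as access control.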
