Firewall Wizards mailing list archives
Re: Proxy 2.0 secure?
From: "Brian Steele" <steele_b () spiceisle com>
Date: Mon, 29 Jun 1998 11:54:08 -0400
I don't know who you are quoting (I forget the orig poster, sorry), but my problem with dynamic DHCP is less with the dynamic-ness than the short leases. The issue is that if the leases are short (e.g. less than a few weeks even), it is virtually impossible to track down a misbehaving system because it is difficult to map between MAC and IP addresses. This problem can be alleviated with long leases: I suggest a year or so.
Interesting idea. My lease time is short. VERY short. But I haven't come across a problem yet mapping between IP and MAC addresses. See below...
True, WINS and DNS interact fairly well now. That is not as much of an issue as being able to verify the proper MAC address for a particular IP address when troubleshooting. You could probably make up some scheme with a database package and all that, but it might be spoofable.
We've got an asset database here that contains information about each PC, including the MAC address for the NIC employed therein. To determine which MAC address belongs to which IP address, I could do a reverse-lookup on the IP address to get the name assigned to that PC, then look up the information in the database.
How about placing a proxying firewall or NAT device between you and the other business unit when you do that. That will allow you to use private addresses internally which you can go to now. A class A (network 10.0.0.0) is really nice to use...
We are presently using private addresses internally. So are some of the other business units. Problem is that there are a few places where the address allocation overlaps. We could perhaps use NAT between the business units, but there's a performance hit using NAT, as well as configuration issues (for example Netmeeting support). I'd probably go for the re-addressing route, and dynamic DHCP allows me to change all the PCs over quite quickly, if ever it becomes necessary, with little cost to us.

Brian Steele
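The IP-to-MAC tracking question discussed in this message, as an added example that is not part of the original post: with short leases, an IP address seen in an incident has to be resolved against the lease history at that moment, then checked against the asset database. The log format, addresses, PC names and function names below are all constructed assumptions.

```python
from datetime import datetime, timedelta

# Constructed sample lease log (hypothetical format: grant time, IP, MAC, lease seconds).
LEASE_LOG = """\
1998-06-29T09:00:00 10.1.2.50 00:a0:c9:11:22:33 3600
1998-06-29T09:30:00 10.1.2.50 00:a0:c9:11:22:33 3600
1998-06-29T11:00:00 10.1.2.50 00:60:08:aa:bb:cc 3600
1998-06-29T11:05:00 10.1.2.51 00:a0:c9:11:22:33 3600
"""
# Constructed asset database: MAC of the installed NIC -> PC name.
ASSETS = {"00:a0:c9:11:22:33": "ACCT-PC-07", "00:60:08:aa:bb:cc": "LAB-PC-02"}

def parse_leases(text):
    """Return {ip: [(start, end, mac), ...]} sorted by grant time."""
    history = {}
    for line in text.splitlines():
        if not line.strip():
            continue
        stamp, ip, mac, secs = line.split()
        start = datetime.fromisoformat(stamp)
        end = start + timedelta(seconds=int(secs))
        history.setdefault(ip, []).append((start, end, mac.lower()))
    for entries in history.values():
        entries.sort()
    return history

def mac_at(history, ip, when):
    """MAC that held `ip` at `when`, or None if no lease covered that moment."""
    holder = None
    for start, end, mac in history.get(ip, []):
        if start <= when < end:
            holder = mac  # a later grant (renewal or reassignment) overrides an earlier one
    return holder

def identify(history, ip, when):
    """Map an (IP, time) pair from an incident to (mac, pc_name).

    The MAC in a lease log is whatever the client presented, so a MAC that is
    missing from the asset database is reported rather than silently dropped.
    """
    mac = mac_at(history, ip, when)
    if mac is None:
        return None, None
    return mac, ASSETS.get(mac, "UNKNOWN - not in asset database")
```

The same IP resolves to different PCs two hours apart, which is why the timestamp of the event matters as much as the address when leases are short.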