Firewall Wizards mailing list archives
RE: DHCP in a corporate MS environment - Security Risk?
From: "Frank Darden" <fdarden () locked com>
Date: Fri, 24 Jan 2003 21:08:14 -0500
If I am not mistaken, http://www.metainfo.com also makes a DHCP server that behaves in this manner. Frank -----Original Message----- From: Ben Nagy [mailto:ben () iagu net] Sent: Friday, January 24, 2003 3:09 AM To: Gary Flynn Cc: firewall-wizards () honor icsalabs com Subject: Re: [fw-wiz] DHCP in a corporate MS environment - Security Risk? ----- Original Message ----- From: "Gary Flynn" <flynngn () jmu edu> [...]
Ben Nagy wrote:I remember many years ago now people were working on stuff that gave
you a
DHCP lease on a temp VLAN (so you could get IP) then authenticated
you, then
gave you another lease on a different VLAN as per your credentials.
The
problem was that it was really convoluted, and DHCP/database server
failure
was a show stopper.
[...]
You mean something like this:
http://www.cisco.com/univercd/cc/td/doc/product/rtrmgmt/cw2000/urt/uurt/ ur1p lan.htm Something exactly like that, actually. ;) Convoluted, requires an all Cisco switched to the user environment and the URT server is a point of failure.
From what I hear it didn't sell well, despite being a fantastically cool
technical solution to a hard problem. I noticed that you were involved in a unisog discussion about this stuff, Gary - I couldn't find enough of the messages in my quick search to work out whether anyone had a solution that they were satisfied with that didn't require quite as much single vendor tomfoolery (not that I don't love Cisco, by the way). I think I saw something similar, as well, coming out of a University that had to deal with the wireless issue, using VPN clients and proxies which was a seriously cool solution, although only tangentially related and I'm not sure if it made it onto this list. Given the new whitepaper on wireless MAC spoofing (and detection measures for same) I guess people will be thinking about all that again. Cheers, ben _______________________________________________ firewall-wizards mailing list firewall-wizards () honor icsalabs com http://honor.icsalabs.com/mailman/listinfo/firewall-wizards _______________________________________________ firewall-wizards mailing list firewall-wizards () honor icsalabs com http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
Current thread:
- RE: DHCP in a corporate MS environment - Security Risk?, (continued)
- RE: DHCP in a corporate MS environment - Security Risk? David Lang (Jan 22)
- RE: DHCP in a corporate MS environment - Security Risk? Paul Robertson (Jan 22)
- RE: DHCP in a corporate MS environment - Security Risk? Darden, Patrick S. (Jan 22)
- Re: DHCP in a corporate MS environment - Security Risk? Ben Nagy (Jan 23)
- Re: DHCP in a corporate MS environment - Security Risk? Gary Flynn (Jan 24)
- Re: DHCP in a corporate MS environment - Security Risk? Ben Nagy (Jan 24)
- Re: DHCP in a corporate MS environment - Security Risk? Ben Nagy (Jan 23)
- RE: DHCP in a corporate MS environment - Security Risk? David Lang (Jan 22)