Security Basics mailing list archives

Previous By Date Next
Previous By Thread Next

RE: Blocking Access to Non-domain computers

From: "Dan and Liz Boyson" <dobandewb () juno com>
Date: Sat, 28 Aug 2004 16:39:50 -0700
Another way to approach this might be to let them have an ip address, but
then deny them the use of a different IP service (maybe DNS?) so though they
had an ip address, it was essentially useless.

Daniel Boyson


-----Original Message-----
From: Steven A. Fletcher [mailto:sfletcher () integrityts com] 
Sent: Tuesday, August 24, 2004 9:54 PM
To: Andreas; security-basics () securityfocus com
Subject: RE: Blocking Access to Non-domain computers


That is the only option I can think of.  If you think about it, how could
you keep non-domain computers from getting an IP address?  As far as I know,
there is no provision in DHCP for such control.  For the system to determine
whether or not to give the machine an address, the machine would need to be
able to communicate with the domain controllers, which would require an IP
address for the communication to be able to happen.

Steve Fletcher
Senior Network Engineer, MCSE (NT4/Win2k), HP Master ASE, CCNA,
Security+
Integrity Technology Solutions
Phone: (309)664-8129
Toll Free: (888) 764-8100 ext. 129
Fax: (309) 662-6421
sfletcher () integrityts com
 

-----Original Message-----
From: Andreas [mailto:andreas () inferno nadir org] 
Sent: Monday, August 23, 2004 2:16 PM
To: security-basics () securityfocus com
Subject: Re: Blocking Access to Non-domain computers

Hello,

On Thursday 19 August 2004 16:58, Brian Gehrke wrote:

I am running a W2K domain, using DHCP.  Is it possible to block 
non-domain computers from getting an IP address from the DHCP server,

so

they will not be able to access the Internet through the network.


is dhcp by mac address (which of course can easily be spoofed) 
an option?

regards,
andreas

------------------------------------------------------------------------
---
Computer Forensics Training at the InfoSec Institute. All of our class sizes
are guaranteed to be 12 students or less to facilitate one-on-one
interaction with one of our expert instructors. Gain the in-demand skills of
a certified computer examiner, learn to recover trace data left behind by
fraud, theft, and cybercrime perpetrators. Discover the source of computer
crime and abuse so that it never happens again.

http://www.infosecinstitute.com/courses/computer_forensics_training.html
------------------------------------------------------------------------
----



---------------------------------------------------------------------------
Computer Forensics Training at the InfoSec Institute. All of our class sizes
are guaranteed to be 12 students or less to facilitate one-on-one
interaction with one of our expert instructors. Gain the in-demand skills of
a certified computer examiner, learn to recover trace data left behind by
fraud, theft, and cybercrime perpetrators. Discover the source of computer
crime and abuse so that it never happens again.

http://www.infosecinstitute.com/courses/computer_forensics_training.html
----------------------------------------------------------------------------





---------------------------------------------------------------------------
Computer Forensics Training at the InfoSec Institute. All of our class sizes
are guaranteed to be 12 students or less to facilitate one-on-one
interaction with one of our expert instructors. Gain the in-demand skills of
a certified computer examiner, learn to recover trace data left behind by
fraud, theft, and cybercrime perpetrators. Discover the source of computer
crime and abuse so that it never happens again.

http://www.infosecinstitute.com/courses/computer_forensics_training.html
----------------------------------------------------------------------------
Previous By Date Next
Previous By Thread Next

Current thread: