Security Basics mailing list archives
RE: Blocking Access to Non-domain computers
From: "Andrew Shore" <andrew.shore () holistecs com>
Date: Wed, 1 Sep 2004 09:16:11 +0100
DHCP/BOOTP are broadcast protocols and are designed to respond to any client. With out a lot of manual intervention, one thing these protocols are designed to avoid, you will not be able to achieve your goal. Perhaps an authenticating proxy could resolve your problem? Andy. -----Original Message----- From: Alexandre Verriere [mailto:maxwell () nskb net] Sent: 30 August 2004 11:32 To: Brian Gehrke Cc: security-basics () securityfocus com Subject: Re: Blocking Access to Non-domain computers Brian Gehrke a écrit :
I am running a W2K domain, using DHCP. Is it possible to block non-domain computers from getting an IP address from the DHCP server, so they will not be able to access the Internet through the network. Brian
You can do static ip adressing via your dhcp but mac spoofing is not so hard, il you're in need to restrict acces to your proxy you may might want to do some authentification at the proxy gate (ntlm for ex). Hope this helps... -- ''~`` ( o o ) +------------------------.oooO--(_)--Oooo.-----------------------+ Alexandre Verriere (Maxwell) - Http://www.nskb.net --------------------------------------------------------------------------- Computer Forensics Training at the InfoSec Institute. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors. Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse so that it never happens again. http://www.infosecinstitute.com/courses/computer_forensics_training.html ---------------------------------------------------------------------------- --------------------------------------------------------------------------- Computer Forensics Training at the InfoSec Institute. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors. Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse so that it never happens again. http://www.infosecinstitute.com/courses/computer_forensics_training.html ----------------------------------------------------------------------------
Current thread:
- RE: Blocking Access to Non-domain computers Thomas TS (Aug 31)
- Re: Blocking Access to Non-domain computers Ansgar -59cobalt- Wiechers (Sep 02)
- Re: Blocking Access to Non-domain computers andreas (Sep 02)
- <Possible follow-ups>
- RE: Blocking Access to Non-domain computers Andrew Shore (Sep 02)
- Re: Blocking Access to Non-domain computers Faleh Daoud Abdel Monem (Sep 08)