Educause Security Discussion mailing list archives

Re: Static vs. dynamic dhcp assigned addresses


From: "Kreider, Randall G" <kreiderr () ETOWN EDU>
Date: Tue, 13 Dec 2011 13:12:06 +0000

Have you been following this thread?

-----Original Message-----
From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Steven Tardy
Sent: Monday, December 12, 2011 3:59 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] Static vs. dynamic dhcp assigned addresses

On 12/12/11 10:08, Jim Mayne wrote:
TCU has always provided users with static ip addresses using dhcp reservations. However with the flood of new mobile 
devices it is straining our ability to efficiently assign these types of ip addresses. In discussing a movement to 
dynamic addresses the issue of incident response and troubleshooting comes up.

Would others using dynamic addresses share their tactics and any estimate of added effort involved when tracking down 
issues identified by ip addresses, whether they be from external complaints, IDS logs, firewall logs etc.


DHCP server syslog to a file.
write a hundred line perl script to parse entries to insert into a database.
(perl File::Tail for near realtime parsing.) write web page for security officer to query database.

... should be an afternoon's work.
producing:
    DHCP logs. (dynamic ip + time stamp -=> mac address)

data collection can also be done with:
    NAT logs. (outside ip:port -=> inside ip)
    routers ARP tables. (ip -=> mac address)
    switch CAM tables. (mac address -=> switchport/AP)

guess a pile of awesome coworkers had set up most of this years ago...
(hard to imagine people NOT having this kind of easy visibility/tracking/history.)



--
Steven Tardy
Systems Analyst
Information Technology Infrastructure
Information Technology Services
Mississippi State University
sjt5 () its msstate edu
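
The DHCP-log lookup described in the message above (dynamic IP + timestamp to MAC address), as an added example that is not part of the original post. It is written in Python with SQLite rather than the Perl the post mentions; the ISC dhcpd-style log lines, the two-hour lease time and the function names are assumptions.

```python
import re
import sqlite3
from datetime import datetime, timedelta

# Constructed sample lines in ISC dhcpd syslog style (not from the original post).
SAMPLE_LOG = """\
Dec 12 09:00:05 dhcp1 dhcpd: DHCPACK on 10.20.0.15 to 00:11:22:33:44:55 (laptop-a) via eth0
Dec 12 09:00:09 dhcp1 dhcpd: DHCPDISCOVER from 66:77:88:99:aa:bb via eth0
Dec 12 13:30:00 dhcp1 dhcpd: DHCPACK on 10.20.0.15 to 66:77:88:99:aa:bb (phone-b) via eth0
Dec 12 13:31:10 dhcp1 dhcpd: DHCPACK on 10.20.0.16 to 00:11:22:33:44:55 (laptop-a) via eth0
"""

ACK_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ dhcpd(?:\[\d+\])?: "
    r"DHCPACK on (?P<ip>\d+(?:\.\d+){3}) to (?P<mac>[0-9a-fA-F:]{17})"
)
LEASE_TIME = timedelta(hours=2)  # assumed lease length; use your server's value


def load_leases(lines, year):
    """Parse DHCPACK lines into an in-memory SQLite table (syslog omits the year)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE ack (ts TEXT, ip TEXT, mac TEXT)")
    for line in lines:
        m = ACK_RE.match(line)
        if not m:
            continue  # DISCOVER/REQUEST/etc. carry no confirmed binding
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        db.execute("INSERT INTO ack VALUES (?, ?, ?)",
                   (ts.isoformat(sep=" "), m["ip"], m["mac"].lower()))
    return db


def mac_for(db, ip, when):
    """Return the MAC holding `ip` at `when`, or None if no lease was live."""
    row = db.execute(
        "SELECT ts, mac FROM ack WHERE ip = ? AND ts <= ? "
        "ORDER BY ts DESC LIMIT 1",
        (ip, when.isoformat(sep=" "))).fetchone()
    if row is None:
        return None
    acked = datetime.fromisoformat(row[0])
    # Last ACK older than one lease: the binding had expired by `when`.
    return row[1] if when - acked <= LEASE_TIME else None


if __name__ == "__main__":
    db = load_leases(SAMPLE_LOG.splitlines(), year=2011)
    print(mac_for(db, "10.20.0.15", datetime(2011, 12, 12, 9, 45)))
```

The same address resolves to different devices depending on the timestamp in the complaint or IDS alert, so the lookup time must be in the same time zone as the DHCP server's syslog clock.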

