Firewall Wizards mailing list archives
Using DHCP (was RE: IP Spoofing)
From: "Anton J Aylward" <anton () the-wire com>
Date: Sat, 2 Oct 1999 09:54:34 -0400
Neither DNS nor DHCP is a cure for spoofing, and can themselves be spoofed as well ;-( But they are key tools and properly configured can support the evidence of logs in tracing problems and intrusions.

Some sites want accountability, that is a deterministic identification of an IP address with a host. This can be a strength or a weakness, in my opinion, and I've always favoured it when possible. But I'd like to know what others think.

DHCP has improved, in that it can now integrate with DNS, which was always my greatest complaint about it. Like DNS it can be strapped down, binding MAC addresses to IP addresses. Of course relayers confuse this somewhat. (Just as proxy ARP on some firewalls can.)

From a security standpoint there are a lot of tradeoffs to be made here, which of course interact with hardware (e.g. switching hubs) and network layout. I'd like to know what other people have found effective and what problems there may be. Can those in the know guide the rest of us away from the jagged rocks of this kind of implementation?

Anton Aylward
System Integrity
aja () si on ca