Security Basics mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Preventing DHCP from allocating IPs

From: "Fred Williams" <A20FBW1 () wpo cso niu edu>
Date: Tue, 03 Dec 2002 15:23:47 -0600
Hello,

As I see it, if a "client" knows the gateway address and subnet mask,
then they can just edit their tcp/ip configuration manually and "hope"
to use an unassigned address, thus bypassing DHCP all together.
Additional knowledge of the network makes this easier... This does allow
a client to use the network for accessing the internet, if such access
is possible from the network segment they happen to be on. Anyway, the
University of Utah has a product called ANA - Authenticated Network
Access that addresses this issue. Basically even if a user has a valid
ip configuration they cannot use the network unless they are
authenticated by an id/passwd combination.
http://www.netcom.utah.edu/ana/

Good luck
Fred


----- Original Message -----
From: "Sarbjit Singh Gill" <ssgill () gilltechnologies com>
To: <security-basics () securityfocus com>
Sent: Monday, December 02, 2002 7:22 AM
Subject: Preventing DHCP from allocating IPs



Greetings all,

How do i prevent a client from getting an IP from my DHCP in an

Ethernet

network. I know i could reserve IPs for all other clients and nobody

gets
an

IP unless reserved earlier, but i have hundreds of clients. I

frequently

have visitors who need to plug in their laptops into the network and

i
have

visitors who are not allowed to plug in their laptops into the

network and

get IPs. I do not want these visitors who are not allowed to access

the

network to get an IP and start accessing internet through my

network.


What about in a wireless environment. How do i prevent it in a

similar

capacity.

Kind Regards
Gill
Previous By Date Next
Previous By Thread Next

Current thread: