Security Basics mailing list archives
Re: Preventing DHCP from allocating IPs
From: "jon kintner" <jon.kintner () lvcm com>
Date: Tue, 3 Dec 2002 23:19:26 -0800
too much administrative overhead. especially if you have a network of 50 or more nodes. unless you're using smaller subnets and using all valid IP's in the range, a user can still specify an IP in your network with matching netmask and have access because of the MAC filtering on my school network, I wasn't able to pull a DHCP address with a spare machine, so I used the above method. just checked IPCONFIG on a valid host, and matched the subnet. ----- Original Message ----- From: "Rick Darsey" <rdarsey () aims1 com> To: "jon kintner" <jon.kintner () lvcm com>; <ssgill () gilltechnologies com>; <security-basics () securityfocus com> Sent: Tuesday, December 03, 2002 12:04 PM Subject: RE: Preventing DHCP from allocating IPs
I know this sounds like a really bad way of doing this, but it is the only way I can come up with off the top of my head: Turn of DHCP!! Statically assign all addresses in your LAN. If a visitor wants access to your network, they will have to come to you to obtain the address, or better yet, create a small DHCP pool that visitors can use,
but
limit the size to prevent users you do not want from accessing the
network.
The initial setup of the static addresses will take time, but the small
DHCP
pool will still allow visitors to plug in when needed. Rick -----Original Message----- From: jon kintner [mailto:jon.kintner () lvcm com] Sent: Monday, December 02, 2002 1:04 PM To: ssgill () gilltechnologies com; security-basics () securityfocus com Subject: Re: Preventing DHCP from allocating IPs I know mac addresses can be spoofed pretty easily, but could you setup an access list or filter that would disallow all mac addresses except for the ones specified on your network(s)? The initial setup would probably be tedious, but it's worked fairly well
to
keep most unauthorized logins off the network at the college I attend. -jon kintner ----- Original Message ----- From: "Sarbjit Singh Gill" <ssgill () gilltechnologies com> To: <security-basics () securityfocus com> Sent: Monday, December 02, 2002 7:22 AM Subject: Preventing DHCP from allocating IPsGreetings all, How do i prevent a client from getting an IP from my DHCP in an Ethernet network. I know i could reserve IPs for all other clients and nobody
gets
anIP unless reserved earlier, but i have hundreds of clients. I frequently have visitors who need to plug in their laptops into the network and ihavevisitors who are not allowed to plug in their laptops into the network
and
get IPs. I do not want these visitors who are not allowed to access the network to get an IP and start accessing internet through my network. What about in a wireless environment. How do i prevent it in a similar capacity. Kind Regards Gill
Current thread:
- Preventing DHCP from allocating IPs Sarbjit Singh Gill (Dec 02)
- RE: Preventing DHCP from allocating IPs Jimmy Sansi (Dec 03)
- RE: Preventing DHCP from allocating IPs Sarbjit Singh Gill (Dec 05)
- Re: Preventing DHCP from allocating IPs jon kintner (Dec 03)
- Re: Preventing DHCP from allocating IPs Pauling (Dec 04)
- Re: Preventing DHCP from allocating IPs Tony Meman (Dec 06)
- RE: Preventing DHCP from allocating IPs Rick Darsey (Dec 04)
- Re: Preventing DHCP from allocating IPs jon kintner (Dec 04)
- RE: Preventing DHCP from allocating IPs Sarbjit Singh Gill (Dec 05)
- Re: Preventing DHCP from allocating IPs Hasnain Atique (Dec 06)
- RE: Preventing DHCP from allocating IPs Sarbjit Singh Gill (Dec 06)
- Re: Preventing DHCP from allocating IPs Hasnain Atique (Dec 06)
- Re: Preventing DHCP from allocating IPs Tony Meman (Dec 09)
- Re: Preventing DHCP from allocating IPs jon kintner (Dec 09)
- Re: Preventing DHCP from allocating IPs Gene (Dec 11)
- Re: Preventing DHCP from allocating IPs Tony Meman (Dec 12)
- Re: Preventing DHCP from allocating IPs Pauling (Dec 04)
- RE: Preventing DHCP from allocating IPs Jimmy Sansi (Dec 03)
- <Possible follow-ups>
- Re: Preventing DHCP from allocating IPs Fred Williams (Dec 04)
- RE: Preventing DHCP from allocating IPs Wollenslegel, Troy (T.A.) (Dec 04)