Re: Preventing DHCP from allocating IPs

["jon kintner" <jon.kintner () lvcm com>]

too much administrative overhead.  especially if you have a network of 50 or
more nodes.
unless you're using smaller subnets and using all valid IP's in the range, a
user can still specify an IP in your network with matching netmask and have
access
because of the MAC filtering on my school network, I wasn't able to pull a
DHCP address with a spare machine, so I used the above method.  just checked
IPCONFIG on a valid host, and matched the subnet.



----- Original Message -----
From: "Rick Darsey" <rdarsey () aims1 com>
To: "jon kintner" <jon.kintner () lvcm com>; <ssgill () gilltechnologies com>;
<security-basics () securityfocus com>
Sent: Tuesday, December 03, 2002 12:04 PM
Subject: RE: Preventing DHCP from allocating IPs


> I know this sounds like a really bad way of doing this, but it is the only
> way I can come up with off the top of my head:
>
> Turn of DHCP!! Statically assign all addresses in your LAN. If a visitor
> wants access to your network, they will have to come to you to obtain the
> address, or better yet, create a small DHCP pool that visitors can use,
but
> limit the size to prevent users you do not want from accessing the
network.
> The initial setup of the static addresses will take time, but the small
DHCP
> pool will still allow visitors to plug in when needed.
>
> Rick
>
> -----Original Message-----
> From: jon kintner [mailto:jon.kintner () lvcm com]
> Sent: Monday, December 02, 2002 1:04 PM
> To: ssgill () gilltechnologies com; security-basics () securityfocus com
> Subject: Re: Preventing DHCP from allocating IPs
>
>
> I know mac addresses can be spoofed pretty easily, but could you setup an
> access list or filter that would disallow all mac addresses except for the
> ones specified on your network(s)?
> The initial setup would probably be tedious, but it's worked fairly well
to
> keep most unauthorized logins off the network at the college I attend.
>
> -jon kintner
>
> ----- Original Message -----
> From: "Sarbjit Singh Gill" <ssgill () gilltechnologies com>
> To: <security-basics () securityfocus com>
> Sent: Monday, December 02, 2002 7:22 AM
> Subject: Preventing DHCP from allocating IPs
>
>
> > Greetings all,
> >
> > How do i prevent a client from getting an IP from my DHCP in an Ethernet
> > network. I know i could reserve IPs for all other clients and nobody
gets
> an
> > IP unless reserved earlier, but i have hundreds of clients. I frequently
> > have visitors who need to plug in their laptops into the network and i
> have
> > visitors who are not allowed to plug in their laptops into the network
and
> > get IPs. I do not want these visitors who are not allowed to access the
> > network to get an IP and start accessing internet through my network.
> >
> > What about in a wireless environment. How do i prevent it in a similar
> > capacity.
> >
> > Kind Regards
> > Gill