Security Basics mailing list archives

RE: Preventing DHCP from allocating IPs


From: "Sarbjit Singh Gill" <ssgill () gilltechnologies com>
Date: Wed, 4 Dec 2002 19:11:42 +0800

Actually this is what I did for the past weeks at the office of my client.
At the end of the day, we created a public area where the network points are
"enabled" when needed and "disabled" when not needed. The moment we
discovered an unauthorised use of the DHCP to obtain an IP, we read his/her MAC
and disabled it at the router. At least at this stage these users are not
smart enough to know the MAC can be modified.

I was thinking if there was a service which could pick and choose MAC
addresses, it would have been great. Anyway, I guess I still have to tell
this "service" who is the bad MAC and who is the GOOD MAC.

Cheers
Gill

-----Original Message-----
From: Jimmy Sansi [mailto:jsansi () ritzfoodservice com]
Sent: Tuesday, December 03, 2002 3:06 AM
To: ssgill () gilltechnologies com; security-basics () securityfocus com
Subject: RE: Preventing DHCP from allocating IPs


Not being able to distinguish between a valid client or
not from a network perspective makes it pretty hard. You can
easily stop this across the board (with a router, etc).

It may be a bit more of a hassle but if you know the valid
clients' MAC addresses ahead of time you could filter out that
way as well. However it's not foolproof against a malicious
person intent on gaining access.

In regards to wireless, outside from the above I have seen
implementations that use a VPN connection that must be
established before you can access any network resources.

-Jimmy

-----Original Message-----
From: Sarbjit Singh Gill [mailto:ssgill () gilltechnologies com]
Sent: Monday, December 02, 2002 10:46 AM
To: security-basics () securityfocus com
Subject: Preventing DHCP from allocating IPs


Greetings all,

How do I prevent a client from getting an IP from my DHCP in an Ethernet
network? I know I could reserve IPs for all other clients and nobody gets an
IP unless reserved earlier, but I have hundreds of clients. I frequently
have visitors who need to plug in their laptops into the network and I have
visitors who are not allowed to plug in their laptops into the network and
get IPs. I do not want these visitors who are not allowed to access the
network to get an IP and start accessing internet through my network.

What about in a wireless environment? How do I prevent it in a similar
capacity?

Kind Regards
Gill




