Security Basics mailing list archives

RE: How to find a changing IP on ethernet network


From: "Mike" <mike () superiorholidayadventures ca>
Date: Thu, 26 Feb 2004 08:35:58 -0500

I've done this using a Linux solution.  My DHCP server hands out fixed
IP addresses to fixed MAC addresses.  It's sort of a static DHCP setup.
It also declines any requests from clients that are not defined in
the dhcpd.conf file.

As well, I'm using IPTables on my firewall that denies all traffic by
default and only allows the IP/MAC combination that is defined by the
DHCP server.

If you were really determined enough, you could circumvent the above
example.  It would take a lot of work as you'd have to guess (or obtain)
the right IP/MAC combination.  If someone can find another way around
this, I'd love to hear from you.

If I had a managed switch that allowed me to "bind" one MAC to each port
that would be even better, but I don't.


Mike Fetherston

Following up this... I want to know at the network level any software
can bind the MAC addresses to the ports (and to take current MAC
addresses in the network automatically) so that no new IP address can
be allocated without the consent of the network admin. This will also
ensure security so that no one just plugs in a PC or laptop.
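
One way to keep the firewall allow-list in step with the static DHCP entries described in the message above, as an added example that is not part of the original post. The host names, addresses, function names and the choice of the FORWARD chain are assumptions; the sample dhcpd.conf is constructed.

```python
import re
import ipaddress

# Constructed sample dhcpd.conf (host names, MACs and addresses are made up).
SAMPLE_DHCPD_CONF = """
deny unknown-clients;              # decline clients with no host entry
host frontdesk {
  hardware ethernet 00:11:22:33:44:55;
  fixed-address 192.168.1.10;
}
host laptop-mike {                 # field order inside a block may vary
  fixed-address 192.168.1.11;
  hardware ethernet 00:AA:BB:CC:DD:EE;
}
host printer {                     # no fixed-address: gets no firewall rule
  hardware ethernet 00:11:22:33:44:66;
}
"""

HOST_RE = re.compile(r"\bhost\s+(\S+)\s*\{([^{}]*)\}")
MAC_RE = re.compile(r"\bhardware\s+ethernet\s+((?:[0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2})\s*;")
IP_RE = re.compile(r"\bfixed-address\s+([0-9.]+)\s*;")

def parse_static_hosts(conf_text):
    """Return [(name, ip, mac)] for host blocks that pin both a MAC and an IP."""
    text = re.sub(r"#[^\n]*", "", conf_text)            # strip comments first
    hosts = []
    for name, body in HOST_RE.findall(text):
        mac, ip = MAC_RE.search(body), IP_RE.search(body)
        if not (mac and ip):
            continue                                    # incomplete entry stays blocked
        addr = str(ipaddress.IPv4Address(ip.group(1)))  # raises on a malformed address
        hosts.append((name, addr, mac.group(1).lower()))
    return hosts

def iptables_rules(hosts, chain="FORWARD"):
    """Default-deny policy, reply traffic, then one ACCEPT per IP/MAC pair."""
    rules = [
        f"iptables -P {chain} DROP",
        f"iptables -F {chain}",
        f"iptables -A {chain} -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT",
    ]
    for _name, ip, mac in hosts:
        rules.append(f"iptables -A {chain} -s {ip} -m mac --mac-source {mac} -j ACCEPT")
    return rules

if __name__ == "__main__":
    print("\n".join(iptables_rules(parse_static_hosts(SAMPLE_DHCPD_CONF))))
```
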
