Security Basics mailing list archives

Re: About War Driving ..


From: "Brian Loe" <knobdy () gmail com>
Date: Thu, 7 Dec 2006 13:03:39 -0600

On 12/6/06, FatalSaint <admin () linuxniche com> wrote:
>I haven't been following this thread but I'm just wondering how big of
>a network is being supported/discussed when discussing the turning off
>of DHCP and managing the static IPs and static routes?

Not sure I follow.

>Leaving DHCP open with no filtering and just randomly assigning addresses
>makes auditing and tracking an admin's nightmare in incident response.
>Whatever size network.

Not really. With our logging and monitoring systems I can tell you who
and where every machine on the network is - and we use DHCP,
thankfully.

>I've also worked with the largest Windows Active Directories in the
>world (ADs that span from Hawaii to Maine in the US - and every state
>in between); who also use static IPs with Port Security on every LAN
>access jack.  If you plug the wrong IP or MAC into a network jack, it is
>immediately disabled and the admins are notified (granted there is a
>huge admin staff with separate divisions at each larger site with main
>server banks in various locations).

I'd like to know what company this is - having worked at two of the
largest phone companies in the country, who do not do this, as well as
lots of other large companies with employees in the thousands and an
international presence I know that I would not be interested in
tracking statically assigned IP addresses. You're looking at moving
hundreds of PCs a day, every day, and any advantage you would obtain
from doing so can be better obtained with better monitoring tools.


>My father was 1 of maybe 3 or 4 systems administrators in a company with
>about 300 users.

I hope they have a lot of servers to support. I realize that "system
administrator" is thrown around pretty loosely these days but I've
worked as the only sys admin in a company of 400. That position at
that company is still a one man IT shop, 5 years after I left.


>All of the above were static.  And when there were security incidents
>there were logs and details and a place to start. When a user checks
>in, they are assigned a PC, with a MAC and an IP, and it is put inside
>an encrypted log file.

I'm not sure why you would need to encrypt a log file - or why a log
file would contain your MAC/IP mappings. I do know that the company
I'm at now has the same level of logging and knowledge of their
network and the PCs on it, without having to manage a couple thousand
IP/MAC addresses.

And just because you can plug a machine in and get an IP doesn't mean
you'll be able to do anything on the network or that you won't be
found and shut down.


>I'm not saying I'm an expert here.. but so far in my experience I've
>never seen an absolute need for DHCP that outweighs the risk of allowing
>unauthorized PCs to get on your network.  At least make an intruder
>work for it.

Again, I've never seen the need to NOT run DHCP that outweighed the
administrative overhead of doing it manually.
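The point both sides circle around is whether DHCP logs give an incident responder the "who had this IP at this time" answer that static assignment is supposed to guarantee. The following is an added illustration, not code from either poster: it parses a few constructed syslog lines modelled on ISC dhcpd's DHCPACK messages (the exact log format is an assumption; adapt the regex to your server) and answers that question, plus the "lease handed to a MAC not in our inventory" check that makes an unauthorized plug-in visible.

```python
import re
from datetime import datetime

# Constructed sample syslog lines, modelled on ISC dhcpd's DHCPACK messages
# (assumed format; adjust ACK_RE to whatever your DHCP server actually logs).
SAMPLE_LOG = """\
Dec  7 08:02:11 dhcp1 dhcpd: DHCPACK on 10.20.5.41 to 00:1a:2b:3c:4d:5e (ws-0412) via eth0
Dec  7 09:15:30 dhcp1 dhcpd: DHCPACK on 10.20.5.77 to 00:1a:2b:aa:bb:cc (ws-0188) via eth0
Dec  7 11:48:02 dhcp1 dhcpd: DHCPACK on 10.20.5.41 to 08:00:27:de:ad:01 via eth0
Dec  7 12:03:55 dhcp1 dhcpd: DHCPNAK on 10.20.5.41 to 08:00:27:de:ad:01 via eth0
"""

ACK_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2} \d{2}:\d{2}:\d{2}) \S+ dhcpd: DHCPACK on "
    r"(?P<ip>\d{1,3}(?:\.\d{1,3}){3}) to (?P<mac>(?:[0-9a-fA-F]{2}:){5}[0-9a-fA-F]{2})"
    r"(?: \((?P<host>[^)]*)\))? via \S+$"
)

def parse_acks(text, year):
    """Return DHCPACK events as (timestamp, ip, mac, hostname) tuples in log order.
    Syslog omits the year, so the caller supplies it."""
    events = []
    for line in text.splitlines():
        m = ACK_RE.match(line)
        if not m:
            continue  # DISCOVER/OFFER/NAK and unrelated lines carry no binding
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        events.append((ts, m["ip"], m["mac"].lower(), m["host"] or ""))
    return events

def who_had_ip(events, ip, when):
    """The IR question 'which MAC held `ip` at `when`?' (when = 'YYYY-MM-DD HH:MM:SS').
    Uses the latest ACK at or before `when`; returns (mac, hostname, ack_time) or None."""
    at = datetime.fromisoformat(when)
    best = None
    for ts, eip, mac, host in events:
        if eip == ip and ts <= at and (best is None or ts > best[2]):
            best = (mac, host, ts)
    if best is None:
        return None
    return best[0], best[1], best[2].strftime("%Y-%m-%d %H:%M:%S")

def unknown_clients(events, inventory_macs):
    """MACs that obtained a lease but are not in the asset inventory: the
    'found and shut down' check, without turning DHCP off."""
    return {mac for _, _, mac, _ in events if mac not in inventory_macs}

if __name__ == "__main__":
    ev = parse_acks(SAMPLE_LOG, 2006)
    print(who_had_ip(ev, "10.20.5.41", "2006-12-07 10:00:00"))
    print(unknown_clients(ev, {"00:1a:2b:3c:4d:5e", "00:1a:2b:aa:bb:cc"}))
```

Note that the answer is only as good as the lease log's retention and clock accuracy, and a NAK or expired lease between two ACKs means the IP may have been unbound for part of the interval.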
