Security Basics mailing list archives
RE: Deny client from obtaining IP address
From: "Dubber, Drew B" <drew.dubber () eds com>
Date: Fri, 28 Jul 2006 15:10:39 +0100
Hi The classic way in the past was to use reservations. But its far too easy to spoof MAC addresses and you need to keep a spare range for your roaming laptop users (unless you want an admin nightmare), which kind of defeats its purpose! So in summary its a crock :) I'd look to 802.1x authentication for this kind of requirement. Alternatively Cisco/MS do some quarantine type products (haven't looked at them though). You could also setup a ipsec group policy on your pc's/servers which prevents rogue computers connecting even though they can get an IP address. MetaIP also appears to have the kind of functionality you are after (http://www.metainfo.com) Hope that helps Drew ________________________________ From: rolando_ruiz () jetaviation com [mailto:rolando_ruiz () jetaviation com] Sent: Thu 27/07/2006 17:24 To: security-basics () securityfocus com Subject: Deny client from obtaining IP address Hello all, Is there a way that in DHCP or so, one can deny a client computer from obtaining an IP address? We use Microsoft servers ADS environment and I'd like to allow only those we want to obtain an IP address. I don't want to make it too restricted where authorized users are unable to connect. I'm sure there are some 3rd party apps that can handle this and I welcome suggestions on those also. This is a solution for denying connectivity to outsiders. Thank you ------------------------------------------------------------------------ --- This list is sponsored by: Norwich University EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE The NSA has designated Norwich University a center of Academic Excellence in Information Security. Our program offers unparalleled Infosec management education and the case study affords you unmatched consulting experience. Using interactive e-Learning technology, you can earn this esteemed degree, without disrupting your career or home life. http://www.msia.norwich.edu/secfocus ------------------------------------------------------------------------ --- --------------------------------------------------------------------------- This list is sponsored by: Norwich University EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE The NSA has designated Norwich University a center of Academic Excellence in Information Security. Our program offers unparalleled Infosec management education and the case study affords you unmatched consulting experience. Using interactive e-Learning technology, you can earn this esteemed degree, without disrupting your career or home life. http://www.msia.norwich.edu/secfocus ---------------------------------------------------------------------------
Current thread:
- Deny client from obtaining IP address rolando_ruiz (Jul 27)
- RE: Deny client from obtaining IP address Demi (Jul 28)
- Re: Deny client from obtaining IP address Maurice Smit (Jul 28)
- Re: Deny client from obtaining IP address Nathan Sportsman (Jul 28)
- RE: Deny client from obtaining IP address Thomas D. (Jul 28)
- Re: Deny client from obtaining IP address Andrew Wheeler (Jul 28)
- Re: Deny client from obtaining IP address Ansgar -59cobalt- Wiechers (Jul 28)
- Re: Deny client from obtaining IP address List Spam (Jul 28)
- RE: Deny client from obtaining IP address Dubber, Drew B (Jul 31)
- Re: Deny client from obtaining IP address Nathan Sportsman (Jul 31)
- Re: Deny client from obtaining IP address Balaji Prasad (Jul 31)
- <Possible follow-ups>
- RE: Deny client from obtaining IP address Crawley, Jim (Jul 28)
- Re: Deny client from obtaining IP address chris (Jul 28)
- Re: RE: Deny client from obtaining IP address snuffy (Jul 31)