Educause Security Discussion mailing list archives

Re: MAC address registrations

From: Gary Flynn <flynngn () JMU EDU>
Date: Mon, 21 Apr 2003 15:50:19 -0400

Kevin Shalla wrote:

What do others do regarding registering MAC addresses?  Do you have
policies regarding who is allowed a routable IP address, or who is allowed
a static IP address?


Kevin,

We have a DHCP based system that registers all computers as
they come online. It is not a security measure as much as
an administrative aid as it can be circumvented but we haven't
found anyone doing it yet. It has proved invaluable in helping
improve incident response, mobile computing, and address
management.

There is a package called NetReg that many schools use to
perform this task for their residence networks. Take a look
at it. It should be easily found on Google. Our system is a
home grown package but I think it works approximately the same
way. Here is a summary of how it works:

1) Client issues DHCP request

2) If client's MAC address is not in the DHCP server table, the
   DHCP server furnishes an IP address that is restricted by
   router filters and given a DNS server that will resolve all
   DNS lookups to a registration web site.

3) User goes to the registration web site. We collect MAC
   address, user name, user location, user phone number,
   operating system, desktop/laptop, and what, if any, servers
   are running on the computer. Most of this information is
   filled out by the user but the application picks up the OS,
   MAC address, and some user information automatically via an
   LDAP lookup based on the user's ID that was used to login
   to the web application.

4) The client's MAC address is then placed in the regular DHCP
   server so that when the computer next requests an IP address
   it gets a real one.

There are registration pages for systems needing static
addresses and procedures in place to allow mass registration
of labs.

--
Gary Flynn
Security Engineer - Technical Services
James Madison University

Please R.U.N.S.A.F.E.
http://www.jmu.edu/computing/runsafe

**********
Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at 
http://www.educause.edu/memdir/cg/.

Current thread:

MAC address registrations Kevin Shalla (Apr 21)
- <Possible follow-ups>
- Re: MAC address registrations Gary Flynn (Apr 21)
- Re: MAC address registrations Arturo Lev Servin (Apr 21)
- Re: MAC address registrations Mark Poepping (Apr 21)
- Re: MAC address registrations Gary Flynn (Apr 21)