Firewall Wizards mailing list archives
RE: Using DHCP (was RE: IP Spoofing)
From: "Safier, Adam (GEIS)" <Adam.Safier () geis ge com>
Date: Tue, 12 Oct 1999 17:04:54 -0400
What if I know the IP address range of the special group and hard code it into my PC? This seems like a fancy way of filtering by IP address only, with all the old spoofing vulnerabilities. What am I missing that makes this truly secure? Adam -----Original Message----- From: Bill_Royds () pch gc ca [mailto:Bill_Royds () pch gc ca] Sent: Thursday, October 07, 1999 12:45 PM To: Dave Gillett Cc: firewall-wizards () lists nfr net Subject: Re: Using DHCP (was RE: IP Spoofing) Scenario. I have a firewall rule set that allows use of a particular service for a limited range of IP addresses (192.16.24.16/28 say) . I set up my DHCP server to give out this range only to users that validate themselves (basically this range is for a logical subnet withing a physical segment). So rather than changing firewall rules each time a member of that secure user set changes, the DHCP server validates users by things like NT group or challenge response etc. This localizes the security control to the actual owners of secure service. "Dave Gillett" <dgillett () deepforest org> on 06/10/99 12:44:13 PM Please respond to "Dave Gillett" <dgillett () deepforest org> To: firewall-wizards () lists nfr net cc: (bcc: Bill Royds/HullOttawa/PCH/CA) Subject: Re: Using DHCP (was RE: IP Spoofing) On 3 Oct 99, at 11:01, Bill_Royds () pch gc ca wrote:
.... Having an authorizing DHCP server that can give the firewall lists of IP's that have validated themselves for a service means that the list is only as old as the DHCP lease.
DHCP hands out addresses, but where does it do validation for *services*? This is news to me! David G
Current thread:
- Re: Using DHCP (was RE: IP Spoofing) Bill_Royds (Oct 05)
- Re: Using DHCP (was RE: IP Spoofing) Dave Gillett (Oct 06)
- <Possible follow-ups>
- Re: Using DHCP (was RE: IP Spoofing) Bill_Royds (Oct 12)
- RE: Using DHCP (was RE: IP Spoofing) Bill_Royds (Oct 13)
- RE: Using DHCP (was RE: IP Spoofing) Safier, Adam (GEIS) (Oct 13)
- RE: Using DHCP (was RE: IP Spoofing) Anton J Aylward (Oct 16)
- RE: Using DHCP (was RE: IP Spoofing) Safier, Adam (GEIS) (Oct 13)
- RE: Using DHCP (was RE: IP Spoofing) Bill_Royds (Oct 13)
- RE: Using DHCP (was RE: IP Spoofing) Bill_Royds (Oct 16)
- RE: Using DHCP (was RE: IP Spoofing) Safier, Adam (GEIS) (Oct 18)
- RE: Using DHCP (was RE: IP Spoofing) Carl Brewer (Oct 18)