Vulnerability Development mailing list archives

Re: DHCP and Security


From: sarnold () WILLAMETTE EDU (Seth R Arnold)
Date: Fri, 4 Feb 2000 01:08:17 -0800


Well, depending on the volume of problems, this may or may not work..

The dhcp server for a smaller lab that I help administrate logs requests and
grants into /var/log/messages -- I imagine syslog could be configured to put
it elsewhere, but that has never bothered me much.

If you only need to occasionally look up info, you can search through the
file for the IP you are interested in, prior to whatever time you are
interested in.

But, if I had to do this more than once a week, I would likely write a perl
script to help track down which IP was owned and released when. :)

(Actually, if you are really lucky, the original logs could be configured to
give the DNS name for the machines, assuming you have a dhcp-dynamic dns
setup.:)

<shrug> YMMV

On Thu, Feb 03, 2000 at 01:16:08PM -0500, Nitzenberger, Rob, MSgt, AF/XORR wrote:
Need a policy read folks:

The system I "manage" has 3200 users at various locations throughout the
world, managed by a central NOC.  Our firewall permissions (protocol and
port) are highly restrictive and report any unauthorized actions (ftp,
pings, finger,.....).  The NOC gets a report from the firewall indicating
which IP was the "offender".  If the LAN clients are configured with
static IPs, it's easy to attribute the offending action with a LAN client,
but with DHCP (which is the method of choice for our sys admin types), it
has proven difficult to "map" an IP address back to a specific user... lease
times expire, inadequate event logging..etc.

 How can I configure DHCP to balance the need for security with the wishes
of the sys admin folks?  Any Ideas?

Rob Nitzenberger
thenitz () email com

--
Seth Arnold | http://www.willamette.edu/~sarnold/
Hate spam? See http://maps.vix.com/rbl/ for help
Hi! I'm a .signature virus! Copy me into
your ~/.signature to help me spread!
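
The log lookup described in the reply above, as an added example that is not part of the original post (written in Python rather than the Perl the poster mentions). It assumes ISC dhcpd-style syslog lines, which the post does not specify, and takes the year as a parameter because syslog timestamps omit it; the sample log, host names, MACs and addresses are constructed.

```python
import re
from datetime import datetime

# Constructed sample in the ISC dhcpd syslog style (an assumption; the post
# does not name the DHCP server). Hosts, MACs and addresses are made up.
SAMPLE_LOG = """\
Feb  3 08:01:12 labgw dhcpd: DHCPACK on 10.0.0.23 to 00:a0:c9:11:22:33 (ws-alice) via eth0
Feb  3 09:15:40 labgw dhcpd: DHCPACK on 10.0.0.24 to 00:a0:c9:44:55:66 via eth0
Feb  3 11:30:05 labgw dhcpd: DHCPRELEASE of 10.0.0.23 from 00:a0:c9:11:22:33 via eth0 (found)
Feb  3 12:02:51 labgw dhcpd: DHCPACK on 10.0.0.23 to 00:a0:c9:77:88:99 (ws-bob) via eth0
Feb  3 13:00:00 labgw kernel: unrelated line
"""

# Matches grant (DHCPACK) and release (DHCPRELEASE) events; the client host
# name in parentheses is optional and only appears when the client sent one.
LINE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ dhcpd(?:\[\d+\])?: "
    r"(?:(?P<ack>DHCPACK) on|(?P<rel>DHCPRELEASE) of) (?P<ip>[\d.]+) "
    r"(?:to|from) (?P<mac>[0-9a-f:]{17})(?: \((?P<host>[^)]*)\))?")


def holder_at(log_text, ip, when, year):
    """Return (mac, host, ack_time) for the client that held `ip` at `when`.

    Returns None if the last event for `ip` at or before `when` was a
    release, or if there was no event at all. Lease expiry is not logged,
    so compare ack_time against the configured lease length before
    attributing traffic to the returned client.
    """
    holder = None
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m or m["ip"] != ip:
            continue
        ts = datetime.strptime(f"{year} " + " ".join(m["ts"].split()),
                               "%Y %b %d %H:%M:%S")
        if ts > when:
            break  # syslog is chronological; later events do not matter
        holder = (m["mac"], m["host"], ts) if m["ack"] else None
    return holder


if __name__ == "__main__":
    # Firewall flagged 10.0.0.23 at 12:30 on Feb 3 (constructed scenario).
    print(holder_at(SAMPLE_LOG, "10.0.0.23", datetime(2000, 2, 3, 12, 30), 2000))
```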


