Vulnerability Development mailing list archives
Re: DHCP and Security
From: sarnold () WILLAMETTE EDU (Seth R Arnold)
Date: Fri, 4 Feb 2000 01:08:17 -0800
Well, depending on the volume of problems, this may or may not work.. The dhcp server for a smaller lab that I help administrate logs requests and grants into /var/log/messages -- I imagine syslog could be configured to put it elsewhere, but that has never bothered me much.

If you only need to occasionally look up info, you can search through the file for the IP you are interested in, previous from whatever time you are interested in. But, if I had to do this more than once a week, I would likely write a perl script to help track down which IP was owned and released when. :)

(Actually, if you are really lucky, the original logs could be configured to give the DNS name for the machines, assuming you have a dhcp-dynamic dns setup. :)

<shrug> YMMV

On Thu, Feb 03, 2000 at 01:16:08PM -0500, Nitzenberger, Rob, MSgt, AF/XORR wrote:
Need a policy read folks:

The system I "manage" has 3200 users at various locations throughout the world, managed by a central NOC. Our firewall permissions (protocol and port) are highly restrictive and report any unauthorized actions (ftp, pings, finger,.....). The NOC gets a report from the firewall indicating which IP was the "offender". If the LAN clients are configured with static IPs, it's easy to attribute the offending action with a LAN client, but with DHCP (which is the method of choice for our sys admin types), it has proven difficult to "map" an IP address back to a specific user... lease times expire, inadequate event logging..etc.

How can I configure DHCP to balance the need for security with the wishes of the sys admin folks?

Any Ideas?

Rob Nitzenberger
thenitz () email com
--
Seth Arnold | http://www.willamette.edu/~sarnold/
Hate spam? See http://maps.vix.com/rbl/ for help
Hi! I'm a .signature virus! Copy me into your ~/.signature to help me spread!
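
The log lookup described in the reply above, as an added example that is not part of the original post and is not the poster's script: it answers "which MAC address held this IP at the time the firewall flagged it". The log lines are constructed in the style of ISC dhcpd syslog output, which is an assumption about the server in use, and the two-hour lease length, host name and addresses are likewise assumed.

```python
import re
from datetime import datetime, timedelta

# Constructed sample; the ISC dhcpd-style line format is an assumption.
SAMPLE_LOG = """\
Feb  3 09:02:11 labgw dhcpd: DHCPACK on 192.168.10.23 to 00:a0:c9:11:22:33 via eth0
Feb  3 11:40:05 labgw dhcpd: DHCPRELEASE of 192.168.10.23 from 00:a0:c9:11:22:33 via eth0 (found)
Feb  3 12:58:47 labgw dhcpd: DHCPACK on 192.168.10.23 to 00:10:4b:aa:bb:cc via eth0
Feb  3 13:05:30 labgw dhcpd: DHCPACK on 192.168.10.24 to 00:a0:c9:11:22:33 via eth0
Feb  3 14:58:47 labgw dhcpd: DHCPACK on 192.168.10.23 to 00:10:4b:aa:bb:cc via eth0
"""

# Only grants (DHCPACK) and releases (DHCPRELEASE) change who holds an address.
LINE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ dhcpd(?:\[\d+\])?: "
    r"(?P<ev>DHCPACK on|DHCPRELEASE of) (?P<ip>[\d.]+) (?:to|from) (?P<mac>[0-9a-f:]{17})",
    re.I,
)

def parse(text, year):
    """Yield (time, event, ip, mac); syslog omits the year, so the caller supplies it."""
    for line in text.splitlines():
        m = LINE.match(line)
        if m:
            ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
            yield ts, m["ev"].split()[0], m["ip"], m["mac"].lower()

def holder_at(text, ip, when, lease=timedelta(hours=2), year=2000):
    """Return (mac, granted_at) for the client holding `ip` at `when`, else None."""
    current = None  # (mac, first grant, most recent ACK); log is assumed time-ordered
    for ts, ev, addr, mac in parse(text, year):
        if ts > when:
            break
        if addr != ip:
            continue
        if ev == "DHCPACK":
            # A renewal by the same client keeps the original grant time.
            renewal = current and current[0] == mac and ts - current[2] <= lease
            current = (mac, current[1] if renewal else ts, ts)
        elif current and current[0] == mac:
            current = None  # explicit release
    if current and when - current[2] <= lease:
        return current[0], current[1]
    return None  # released, lease lapsed without renewal, or never granted
```

A `None` result means the log cannot attribute the address at that moment, which is the case to escalate rather than guess, and it is also what a lookup returns when the log has rotated past the period of interest.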