Freeze break: add range to dhcp01
Stephen John Smoogen
smooge at gmail.com
Thu Aug 11 16:58:12 UTC 2011
On Wed, Aug 10, 2011 at 16:32, Dennis Gilmore <dennis at ausil.us> wrote:
> -1 we have left the range out on pourpose. You can tail the logs work out
> the Mac and easily add a static IP.
>
After doing some thinking, I think our original purpose had flawed
assumptions. We didn't want systems just appearing on the .125 that we
didn't know about. The problem is that for a system to appear on the
.125 and to get a DHCP address, there needs to be physical access to
the networks. If an intruder has physical access, they can do multiple
items that having a DHCP address would be the least of our worries.
Having a range on for short periods of time would alleviate the need
for us to have various hardware systems physically unplugged and
replugged several times to get the IMM and other cards to ask for a
DHCP address while we try to get them configured. If we have the range
for a short time, remove the range after it is needed and alert that
the range is in existence on the systems via a cron or puppet alert I
think we can manage this risk.
--
Stephen J Smoogen.
"The core skill of innovators is error recovery, not failure avoidance."
Randy Nelson, President of Pixar University.
"Let us be kind, one to another, for most of us are fighting a hard
battle." -- Ian MacLaren
More information about the infrastructure
mailing list