DHCP security
Ed Greshko
Ed.Greshko at greshko.com
Tue Oct 9 23:49:12 UTC 2007
Ashley M. Kirchner wrote:
>
> While I realize DHCPd isn't a security program of any kind, this does
> have to do with it. So I just switched our entire network over to DHCP
> assigned IPs in preparation for another project. But in doing that,
> I've come to realize that anyone could plug in their machine and
> manually set their IP address and by-pass the DHCP discovery all
> together. And thus also gaining access to our internal network,
> something we might not necassarily want to allow. So the question now
> is, is there some way to restrict traffic to only those assigned IPs
> (through DHCP) and block anything else that happens to show up on the
> network? Maybe through iptables somehow?
FWIW, I feel the only truly secure way to do this is to use managed switches.
More information about the users
mailing list