DHCP security
Steven Stern
subscribed-lists at sterndata.com
Wed Oct 10 00:08:09 UTC 2007
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On 10/09/2007 06:49 PM, Ed Greshko wrote:
> Ashley M. Kirchner wrote:
>> While I realize DHCPd isn't a security program of any kind, this does
>> have to do with it. So I just switched our entire network over to DHCP
>> assigned IPs in preparation for another project. But in doing that,
>> I've come to realize that anyone could plug in their machine and
>> manually set their IP address and by-pass the DHCP discovery all
>> together. And thus also gaining access to our internal network,
>> something we might not necassarily want to allow. So the question now
>> is, is there some way to restrict traffic to only those assigned IPs
>> (through DHCP) and block anything else that happens to show up on the
>> network? Maybe through iptables somehow?
>
> FWIW, I feel the only truly secure way to do this is to use managed switches.
>
I've been on university systems that use a hotel-like system. On the
first connection on port 80 to any address, one is directed to an
authentication page. All access is blocked to any address on all ports
until that authentication is given.
- --
Steve
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org
iD8DBQFHDBfpeERILVgMyvARAqEtAJ45OFblzAXb9xmn0ZZoj10OY+GU6QCfRvsK
fpS4uNoJtTC1KH8yvWffFak=
=0Cr/
-----END PGP SIGNATURE-----
More information about the users
mailing list