DHCP security
Ed Kasky
ed at esson.net
Wed Oct 10 01:12:05 UTC 2007
At 7:20 PM -0500 10/9/07, you wrote:
>-----BEGIN PGP SIGNED MESSAGE-----
>Hash: SHA1
>
>On 10/09/2007 07:20 PM, Alan Cox wrote:
>>> I've been on university systems that use a hotel-like system. On the
>>> first connection on port 80 to any address, one is directed to an
>>> authentication page. All access is blocked to any address on all ports
>>> until that authentication is given.
>>
>> Which means an attacker simply sits on the network waits for someone to
>> authenticate and then takes on their MAC address.
>>
>> Alan
>>
>
>I suppose on a wired system, you could map each MAC address to a port on
>a switch and require re-authentication if the port changes. It gets
>trickier if this is done on wireless.
That depends on your wireless device. I use Linksys and use static
dhcp based on mac address as well as WEP for a more secure netowrk.
If the mac address is not in the list, it won't get access.
Ed
--
Randomly Generate Quote:
Always remember you're unique, just like everyone else.
More information about the users
mailing list