[Fedora] Re: DHCP security
Ed Kasky
ed at esson.net
Wed Oct 10 03:08:44 UTC 2007
At 7:57 PM -0600 10/9/07, you wrote:
>Ed Kasky wrote:
>>That depends on your wireless device. I use Linksys and use static
>>dhcp based on mac address as well as WEP for a more secure
>>netowrk. If the mac address is not in the list, it won't get access.
> This might work for wireless, however in a mixed environment,
>where one DHCP server is serving both wired as well as wireless,
>that might not work. Assuming a client actually broadcasted a
>DHCPREQUEST to get an IP, you can have the DHCP server deny it based
>on it being an unknown MAC. But if someone manually configures
>their machine and simply plugs into your network, how will your DHCP
>server know to block them? It never assigned an IP to them, it
>never even received a request for an IP, so how would it know what
>to do?
Not sure but I know it's possible. I work at a very large university
that does exactly that. If your mac address is not properly
registered and it is sensed on the network, even if you manually
configure the ip address, your port will shut down. Is that
accomplished through switch management?
Ed
--
Randomly Generate Quote:
Always remember you're unique, just like everyone else.
More information about the users
mailing list