[Fedora] Re: DHCP security
Andy Green
andy at warmcat.com
Wed Oct 10 07:57:57 UTC 2007
Somebody in the thread at some point said:
> The DHCP server is configured to only service known MAC addresses,
> however this won't stop an unknown MAC from getting onto the network
> with an available IP already configured. DHCP server won't know about
> it and thus won't do anything about it. So to me, this is something
> beyond what the DHCP server itself can do (or should do). That's what
> I'm looking for, some way to block everything else that may pop up, that
> did not use the DHCP server to get an IP to begin with.
Little-known thing, wpa_supplicant can work with wired networks too
(-Dwired). If everyone on the network has to know the WPA encryption
passphrase to even talk that is going to cause trouble for MAC-fondlers
and other scoundrels.
You use hostap on one box for the others to authenticate against, a sort
of wired "access point".
Of course, it doesn't necessarily help much if mortal users (or they are
root themselves) can read /etc/wpa_supplicant/wpa_supplicant.conf and
see your keys...
-Andy
More information about the users
mailing list