Not being able to distinguish between a valid client or
not from a network perspective makes it pretty hard. You can
easily stop this accross the board (with a router, etc).
It may be a bit more of a hassle but if you know the valid
clients MAC address ahead of time you could filter out that
way as well. However its not foolproof against a malicious
person intent on gaining access.
In regards to wireless, outside from the above I have seen
implementations that use a VPN connection that must be
established before you can access any network resources.
-Jimmy
-----Original Message-----
From: Sarbjit Singh Gill [mailto:ssgill_at_gilltechnologies.com]
Sent: Monday, December 02, 2002 10:46 AM
To: security-basics_at_securityfocus.com
Subject: Preventing DHCP from allocating IPs
Greetings all,
How do i prevent a client from getting an IP from my DHCP in an Ethernet
network. I know i could reserve IPs for all other clients and nobody gets an
IP unless reserved earlier, but i have hundreds of clients. I frequently
have visitors who need to plug in their laptops into the network and i have
visitors who are not allowed to plug in their laptops into the network and
get IPs. I do not want these visitors who are not allowed to access the
network to get an IP and start accessing internet through my network.
What about in a wireless environment. How do i prevent it in a similar
capacity.
Kind Regards
Gill
Received on Dec 03 2002
Intro
