Home page logo
/

basics logo Security Basics mailing list archives

Re: Deny client from obtaining IP address
From: "Balaji Prasad" <bpmlist () sonic net>
Date: Mon, 31 Jul 2006 09:41:22 -0700 (PDT)

Rolando:
  The functionality that you are requesting falls in a new breed of
products that use a concept called Network Admission Control or Unified
Access Control. This forms the layer 2 component of the above, where the
authentication is done using 802.1x protocols, subsequent to which the
host is authorized to access the LAN
It must be noted however that the client will need an IP address to get
authorized, but it wont be able to access the network. The auth can be
hooked up with AD or Radius as you please.
All major players, Symantec Juniper and Cisco have products in the market
or the pipeline.

- Balaji

Nathan Sportsman#>
I believe the only way you can configure a DHCP server to ignore
DHCPDISCOVER broadcasts is to setup restrictions by MAC address (which
can be spoofed). I do not see how you can restrict IP leasing via
Active Directory user authentication. You can restrict other network
resources until authentication has occurred via AD, but the client
system must already have an IP for this communciation to occur.
Meaning the DHCP server has already been solicited and assigned an IP.

Thanks
Nathan

On 7/27/06, rolando_ruiz () jetaviation com <rolando_ruiz () jetaviation com>
wrote:
Hello all,

Is there a way that in DHCP or so, one can deny a client computer from
obtaining an IP address? We use Microsoft servers ADS environment and
I'd like to allow only those we want to obtain
an IP address. I don't want to make it too restricted where authorized
users are unable to connect. I'm sure there are some 3rd party apps that
can handle this and I welcome suggestions on those also. This is a
solution for denying connectivity to outsiders.

Thank you



---------------------------------------------------------------------------
This list is sponsored by: Norwich University

EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE
The NSA has designated Norwich University a center of Academic
Excellence
in Information Security. Our program offers unparalleled Infosec
management
education and the case study affords you unmatched consulting
experience.
Using interactive e-Learning technology, you can earn this esteemed
degree,
without disrupting your career or home life.

http://www.msia.norwich.edu/secfocus
---------------------------------------------------------------------------



---------------------------------------------------------------------------
This list is sponsored by: Norwich University

EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE
The NSA has designated Norwich University a center of Academic Excellence
in Information Security. Our program offers unparalleled Infosec
management
education and the case study affords you unmatched consulting experience.
Using interactive e-Learning technology, you can earn this esteemed
degree,
without disrupting your career or home life.

http://www.msia.norwich.edu/secfocus
---------------------------------------------------------------------------





---------------------------------------------------------------------------
This list is sponsored by: Norwich University

EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE
The NSA has designated Norwich University a center of Academic Excellence 
in Information Security. Our program offers unparalleled Infosec management 
education and the case study affords you unmatched consulting experience. 
Using interactive e-Learning technology, you can earn this esteemed degree, 
without disrupting your career or home life.

http://www.msia.norwich.edu/secfocus
---------------------------------------------------------------------------


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]