Firewall Wizards mailing list archives

Re: user based IP address assignment
From: John Adams <jna () retina net>
Date: Wed, 1 Nov 2000 14:37:59 -0500 (EST)

On Tue, 31 Oct 2000 Jeffery.Gieser () minnesotamutual com wrote:

#What I want to do is to "hard-wire" an IP to a user! (_not_ to a
#machine).
#The platform can be WinNT 4/5 or Netware 4/5.

     I am pretty sure there is no way to do this in Windows.  The issue
here is how DHCP/BOOTP/RARP work.  In all instances at bootup time a
machine sends out its MAC address and receives an IP address.  The issue
here is that you log in after your machine has an IP address.  Since you
need to reboot every time you change your IP address in Windows 95/98/NT,

This is incorrect. 

   ipconfig /release <interface>
   ipconfig /renew <interface>

or using winipcfg will allow you to reacquire a DHCP lease and a new IP
address. 

you really cannot assign an IP address based on username.  You could place
a DHCP server on every local network and write a new protocol that sends a
username and password with every DHCP request=) Short of that I do not see
what else you can do.  With UNIX you could perhaps use DHCP to grab an

Well, there are a couple of things he can do. If the intended result is to
hard-wire an IP to a user for tracking and ACL control, Meta IP can be
used to communicate with a firewall to control dynamic ACLs on the
firewall based on the Windows NT login. You could also use QIP (but it's
very expensive) to audit based on domain login names.

initial IP address and then write a script that queries a server for
another IP address, adds the new IP address to the NIC, and deletes the old
IP address.  I do not know how Netware works but if they do not require a

If you were designing a protocol like this, this shouldn't take place in
Layer 3; it should take place based on MAC address and username (i.e.
insert the user name into a broadcast, etc.)

--john

--
J. Adams                                        http://www.retina.net/~jna
You are supposed to be a consumer, a black hole for goods, advertising and
content. They only want to allocate enough upstream bandwidth for
10,000,000 buy buttons. Producing or sharing information is a subversive
act and will not be tolerated. -anonymous coward on /.



_______________________________________________
firewall-wizards mailing list
firewall-wizards () nfr com
http://www.nfr.com/mailman/listinfo/firewall-wizards
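
The reply above mentions firewall ACLs that follow the Windows NT login instead of a fixed address. The sketch below is an added example, not part of the original message and not a description of how Meta IP or QIP work. It replays login and DHCP events into permit/deny changes and handles address reuse and late logoffs. The event format, `POLICY` and `AclTracker` are hypothetical, and the events are constructed.

```python
from dataclasses import dataclass, field

# Constructed sample events: (seconds, kind, user or None, source IP)
SAMPLE_EVENTS = [
    (100, "logon", "alice", "10.1.1.20"),
    (160, "logon", "bob", "10.1.1.21"),
    (300, "lease_expired", None, "10.1.1.20"),  # lease gone, alice never logged off
    (320, "logon", "carol", "10.1.1.20"),       # same address, different user
    (400, "logoff", "bob", "10.1.1.21"),
    (450, "logoff", "alice", "10.1.1.20"),      # late logoff must not evict carol
]

# Hypothetical policy: destinations each user may reach.
POLICY = {"alice": ["10.9.0.5:1433"], "bob": ["10.9.0.8:22"],
          "carol": ["10.9.0.5:1433"]}

@dataclass
class AclTracker:
    policy: dict
    bound: dict = field(default_factory=dict)    # ip -> user currently bound
    actions: list = field(default_factory=list)  # ordered firewall changes

    def _revoke(self, ip):
        """Remove the binding for ip and queue a deny for each rule it held."""
        user = self.bound.pop(ip, None)
        if user:
            for dst in self.policy.get(user, []):
                self.actions.append(("deny", ip, dst, user))

    def handle(self, _ts, kind, user, ip):
        if kind == "logon":
            self._revoke(ip)                     # never stack two users on one IP
            self.bound[ip] = user
            for dst in self.policy.get(user, []):
                self.actions.append(("permit", ip, dst, user))
        elif kind == "lease_expired":
            self._revoke(ip)                     # address may be handed to anyone
        elif kind == "logoff" and self.bound.get(ip) == user:
            self._revoke(ip)                     # ignore logoff from a stale owner

def replay(events, policy=POLICY):
    """Apply events in time order and return the tracker with its action log."""
    tracker = AclTracker(policy)
    for ev in sorted(events, key=lambda e: e[0]):
        tracker.handle(*ev)
    return tracker
```
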