Security Basics mailing list archives

RE: Preventing DHCP from allocating IPs


From: "Wollenslegel, Troy (T.A.)" <twollens () visteon com>
Date: Tue, 3 Dec 2002 16:33:15 -0500

Some of the commercial DHCP servers such as Cisco have interesting options
to help with the secure allocation of IP addresses. There are options to
give clients "private" IP addresses that only have access to an
"authentication" web server; once the clients authenticate to the web server
(username/password?) their MAC is known and they can get a routable IP
address. I have not used these, so don't know all the security issues, or
what other options are available. As Jon said, this doesn't prevent MAC
spoofing, but once someone is physically attached to your network, you
probably have more things to worry about. 

Troy

Troy Wollenslegel
Visteon Corporation
VCS II,  Room N171,
5900 Mercury Drive, Dearborn, MI 48126
phone/fax 313-722-1030

-----Original Message-----
From: jon kintner [mailto:jon.kintner () lvcm com]
Sent: Monday, December 02, 2002 2:04 PM
To: ssgill () gilltechnologies com; security-basics () securityfocus com
Subject: Re: Preventing DHCP from allocating IPs


I know MAC addresses can be spoofed pretty easily, but could you set up an
access list or filter that would disallow all MAC addresses except for the
ones specified on your network(s)?
The initial setup would probably be tedious, but it's worked fairly well to
keep most unauthorized logins off the network at the college I attend.

-jon kintner

----- Original Message -----
From: "Sarbjit Singh Gill" <ssgill () gilltechnologies com>
To: <security-basics () securityfocus com>
Sent: Monday, December 02, 2002 7:22 AM
Subject: Preventing DHCP from allocating IPs


Greetings all,

How do I prevent a client from getting an IP from my DHCP in an Ethernet
network? I know I could reserve IPs for all other clients and nobody gets an
IP unless reserved earlier, but I have hundreds of clients. I frequently
have visitors who need to plug in their laptops into the network and I have
visitors who are not allowed to plug in their laptops into the network and
get IPs. I do not want these visitors who are not allowed to access the
network to get an IP and start accessing internet through my network.

What about in a wireless environment? How do I prevent it in a similar
capacity?

Kind Regards
Gill
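
The MAC allowlist discussed in this thread can also be used for detection: the following added example (not part of the original messages) audits DHCP server logs for leases granted to unregistered MAC addresses. It assumes ISC dhcpd-style syslog lines; the allowlist and log lines are constructed sample data. As the thread notes, a spoofed registered MAC passes this check.

```python
import re

# Assumed log format (ISC dhcpd style):
#   "DHCPACK on <ip> to <mac> (<hostname>) via <iface>"
ACK_RE = re.compile(
    r"DHCPACK on (?P<ip>\d{1,3}(?:\.\d{1,3}){3}) to (?P<mac>[0-9A-Fa-f:.\-]{12,17})"
)

def normalize_mac(mac):
    """Reduce aa:bb:.., AA-BB-.. or aabb.ccdd.eeff to 12 lowercase hex digits."""
    digits = re.sub(r"[^0-9a-fA-F]", "", mac).lower()
    if len(digits) != 12:
        raise ValueError(f"not a MAC address: {mac!r}")
    return digits

def unregistered_leases(log_lines, allowlist):
    """Return (ip, mac) for every lease ACKed to a MAC not on the allowlist."""
    allowed = {normalize_mac(m) for m in allowlist}
    findings = []
    for line in log_lines:
        match = ACK_RE.search(line)
        if not match:
            continue  # DISCOVER/REQUEST/other lines are not granted leases
        try:
            mac = normalize_mac(match.group("mac"))
        except ValueError:
            continue  # malformed address field, skip the line
        if mac not in allowed:
            findings.append((match.group("ip"), mac))
    return findings

# Constructed sample data: registered MACs in two common notations.
ALLOWLIST = ["00:11:22:33:44:55", "00-AA-BB-CC-DD-EE"]
SAMPLE_LOG = [
    "Dec  3 16:30:01 gw dhcpd: DHCPACK on 192.0.2.10 to 00:11:22:33:44:55 (desk-17) via eth0",
    "Dec  3 16:30:09 gw dhcpd: DHCPDISCOVER from 02:00:00:aa:bb:01 via eth0",
    "Dec  3 16:30:10 gw dhcpd: DHCPACK on 192.0.2.57 to 02:00:00:aa:bb:01 (visitor-laptop) via eth0",
    "Dec  3 16:31:44 gw dhcpd: DHCPACK on 192.0.2.11 to 00:aa:bb:cc:dd:ee via eth0",
]

if __name__ == "__main__":
    for ip, mac in unregistered_leases(SAMPLE_LOG, ALLOWLIST):
        print(f"lease {ip} granted to unregistered MAC {mac}")
```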


