Security Basics mailing list archives

Re: About War Driving ..


From: FatalSaint <admin () linuxniche com>
Date: Wed, 06 Dec 2006 16:34:43 -0700

I haven't been following this thread but I'm just wondering how big of
a network is being supported/discussed when discussing the turning off
of DHCP and managing the static IPs and static routes?

Not sure I follow.

Leaving DHCP open with no filtering and just randomly assigning addresses
makes auditing and tracking an admin's nightmare in incident response. 
Whatever size network.

I run my own smaller networks with 15 or so on the LAN and less than 10
on the DMZ.

I've also worked with the largest Windows Active Directories in the
world (AD's that span from Hawaii to Maine in the US - and every state
in between); who also use Static IP's with Port Security on every LAN
Access jack.  If you plug the wrong IP or MAC into a network jack, it is
immediately disabled and the admin's are notified (granted there is
huge admin staff with seperate divisions at each larger site with main
server banks in various locations).

My father was 1 of maybe 3 or 4 Systems administrators in a company with
about 300 users.

All of the above were static.  And when there were security incidents
there were logs and details and a place to start. When a user check's
in, they are assigned a PC, with a MAC and an IP and it's is put inside
an encrypted log file.

I'm not saying I'm an expert here.. but so far in my experience I've
never seen an absolute need for DHCP that outweighs the risk of allowing
unauthorized PC's to get on your network.  At least make an intruder
work for it.

On 12/6/2006, "Brian Loe" <knobdy () gmail com> wrote:

I haven't been following this thread but I'm just wondering how big of
a network is being supported/discussed when discussing the turning off
of DHCP and managing the static IPs and static routes?

There's something to be said for simplicity and an admin with a light
work load when it comes to security...IMHO.

On 12/5/06, FatalSaint <admin () linuxniche com> wrote:
Ansgar -59cobalt- Wiechers wrote:

2) Disable DHCP if you have it running or


--Pointless, because the attacker can spoof a valid IP address.


Correct - tack on some time for him to find one.


---------------------------------------------------------------------------
This list is sponsored by: ByteCrusher

Detect Malicious Web Content and Exploits in Real-Time.
Anti-Virus engines can't detect unknown or new threats.
LinkScanner can. Web surfing just became a whole lot safer.

http://www.explabs.com/staging/promotions/xern_lspro.asp?loc=sfmaildetect
---------------------------------------------------------------------------


Current thread: