Security Basics mailing list archives

Re: DHCP

From: "Tim Clewlow" <tim () clewlow org>
Date: Sat, 23 May 2009 06:10:15 +1000 (EST)

You can also look at something like packetfence (packetfence.org).

Its an open source NAC that can do DHCP fingerprinting and deny a
client from getting an IP based on the fact that it is not a
supported
OS.


And a determined intruder can do OS spoofing - please stop trying to
make DHCP into a security system - you will be creating a false
sense of security. Use a protocol that is meant to provide security
- like IPsec.

Cheers, Tim.

-- 
The code that never executes at all is the fastest.


------------------------------------------------------------------------
This list is sponsored by: InfoSec Institute

Need to pass the CISSP? InfoSec Institute's CISSP Boot Camp in both Instructor-Led and Online formats is the most 
concentrated exam prep available. Comprehensive course materials and an expert instructor means you pass the exam. Gain 
a laser like insight into what is covered on the exam, with zero fluff! 

http://www.infosecinstitute.com/courses/cissp_bootcamp_training.html
------------------------------------------------------------------------

Current thread:

DHCP Doug McFarland (May 22)
- Re: DHCP John Bailey (May 22)
  - RE: DHCP Cisternas Marquez, Gonzalo (May 25)
- Re: DHCP Gustavo Campos (May 22)
- RE: DHCP Valentin Fernandez Bolland (May 22)
  - Message not available
    - Re: DHCP Eric Kollmann (May 22)
    - Re: DHCP Tim Clewlow (May 22)
- Re: DHCP Shreyas Zare (May 22)
  - Message not available
    - Re: DHCP Shreyas Zare (May 22)
- RE: DHCP David Gillett (May 22)
- Re: DHCP Nikhil Wagholikar (May 22)
- Re: DHCP Philip Holbrook (May 22)
  - Re: DHCP Tim Clewlow (May 22)
- Re: DHCP bart knippenberg (May 25)
- <Possible follow-ups>
- Re: DHCP auto431078 (May 22)
- Fw: Re: DHCP ( ( ( belly ) ) ) (May 25)