DHCP security
kalinix
calin.kalinix.cosma at gmail.com
Tue Oct 9 21:22:19 UTC 2007
On Tue, 2007-10-09 at 20:15 +0000, Mike C wrote:
> Ashley M. Kirchner <ashley <at> pcraft.com> writes:
> > So the question now
> > is, is there some way to restrict traffic to only those assigned IPs
> > (through DHCP) and block anything else that happens to show up on the
> > network? Maybe through iptables somehow?
>
> You can usually arrange to restrict machine that connect to only those with
> specified MAC address on the connecting interface - whilst this can be worked
> around by someone clever they would need to spoof the known MAC address of one
> of the machine in your list - but it is safer than not having a restriction to
> only known MAC addresses
> HTH
>
>
>
You can use NetReg (http://netreg.sourceforge.net/) to strengthen your
dhcp access. On the other hand you can user arpwatch to see if a system
changes it's hw address. And last, but not least you can use an
authenticated firewall (NuFW comes right now into my mind).
HTH
Calin
=================================================
Isn't it strange that the same people that laugh at gypsy fortune
tellers take economists seriously?
More information about the fedora-list
mailing list