DHCP security
Ed Kasky
ed at esson.net
Tue Oct 9 21:48:33 UTC 2007
At 01:10 PM Tuesday, 10/9/2007, Ashley M. Kirchner wrote -=>
> While I realize DHCPd isn't a security program of any kind, this
> does have to do with it. So I just switched our entire network
> over to DHCP assigned IPs in preparation for another project. But
> in doing that, I've come to realize that anyone could plug in their
> machine and manually set their IP address and bypass the DHCP
> discovery altogether. And thus also gaining access to our
> internal network, something we might not necessarily want to
> allow. So the question now is, is there some way to restrict
> traffic to only those assigned IPs (through DHCP) and block
> anything else that happens to show up on the network? Maybe
> through iptables somehow?
Limiting access via MAC address is usually done in large WANs where
they don't want just anyone plugging in. I don't run dhcpd but would
venture to guess that if you just use static IPs mapped to allowed
MAC addresses, you would have at least that level of security.
I would also check and see how large universities limit access. I
have seen it implemented but never bothered to ask how they do it...
HTH
Ed
. . . . . . . . . . . . . . . . . .
Randomly Generated Quote (880 of 1282):
One of the most time-consuming things is to have an enemy.
-E.B. White, writer (1899-1985)
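
The static-IP-per-MAC mapping suggested in the reply, combined with the iptables filtering asked about in the question, as an added example that is not part of the original message: one allowlist drives both a dhcpd.conf fragment and matching iptables rules. The hostnames, MACs, subnet, interface (eth0) and chain (FORWARD) are constructed assumptions.

```python
import ipaddress
import re

# Constructed sample allowlist (name, MAC, IP); not taken from the thread.
ALLOWLIST = """
ws-alice  00:16:3e:aa:00:01  192.168.10.11
ws-bob    00:16:3E:AA:00:02  192.168.10.12
printer1  00:16:3e:aa:00:03  192.168.10.20
"""
SUBNET = ipaddress.ip_network("192.168.10.0/24")  # assumed internal subnet
MAC_RE = re.compile(r"^([0-9a-f]{2}:){5}[0-9a-f]{2}$")
NAME_RE = re.compile(r"^[A-Za-z0-9-]+$")

def parse_allowlist(text, subnet=SUBNET):
    """Return [(name, mac, ip)]; reject malformed, out-of-subnet or duplicate entries."""
    entries, seen = [], set()
    for n, line in enumerate(text.splitlines(), 1):
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        if len(fields) != 3:
            raise ValueError(f"line {n}: expected 'name mac ip'")
        name, mac = fields[0], fields[1].lower()
        ip = ipaddress.ip_address(fields[2])  # raises ValueError if malformed
        if not NAME_RE.match(name) or not MAC_RE.match(mac):
            raise ValueError(f"line {n}: bad name or MAC")
        if ip not in subnet:
            raise ValueError(f"line {n}: {ip} outside {subnet}")
        for key in (name, mac, ip):
            if key in seen:
                raise ValueError(f"line {n}: duplicate {key}")
            seen.add(key)
        entries.append((name, mac, str(ip)))
    return entries

def dhcpd_conf(entries):
    """dhcpd.conf fragment: lease only to declared hosts, each with a fixed address."""
    out = ["deny unknown-clients;"]
    for name, mac, ip in entries:
        out.append(f"host {name} {{ hardware ethernet {mac}; fixed-address {ip}; }}")
    return "\n".join(out)

def iptables_rules(entries, iface="eth0", chain="FORWARD"):
    """Accept only allowlisted MAC+IP pairs arriving on iface; drop the rest."""
    rules = [f"iptables -A {chain} -i {iface} -s {ip} -m mac --mac-source {mac} -j ACCEPT"
             for _, mac, ip in entries]
    rules.append(f"iptables -A {chain} -i {iface} -j DROP")
    return rules
```

The dhcpd fragment still needs the site's own subnet declaration around it. The MAC match only checks the source address a frame carries, which is the level of control the reply describes rather than authentication of the machine.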