[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: kudzu auto mode

John Vasileff said:
>> In most Corporate Networks, DHCP is a pretty safe assumption.  You can
>> configure dhcpd to force a certain IP to a certain MAC address and to
>> ignore any MAC Addresses that don't have a forced address.  As of dhcpd
>> 3.0 there are failover capabilities.  I've yet to hear any (good)
>> to not run DHCP for workstations.  Servers though are another matter.
> DHCP is great, but if for no other reason than security, I don't want
> machines jumping online without explicitly configuring them to do so.

First off, I've heard that explanation before and don't buy it.  Any
script kiddie worth his braces can fire up a sniffer, determine your
network/netmask and grab a valid IP Address.  Your not stopping anyone by
not running DHCP.

Second, if you're really concerned about giving out leases to MACs you
haven't blessed then do as I said above and configure DHCPD to give out
static IP addresses to MACs you've manually entered in the database and do
not create a open "range" of leases.  Manually setting hundreds of IP
Addresses for client machines makes something trivial for DHCP like
changing a gateway or DNS server darn near impossible.

Jay Lee
Network / Systems Administrator
Information Technology Dept.
Philadelphia Biblical University

[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]