[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: kudzu auto mode



> 
> 
> John Vasileff said:
> >> In most Corporate Networks, DHCP is a pretty safe assumption.  You can
> >> configure dhcpd to force a certain IP to a certain MAC address and to
> >> ignore any MAC Addresses that don't have a forced address.  As of dhcpd
> >> 3.0 there are failover capabilities.  I've yet to hear any (good)
> >>reasons
> >> to not run DHCP for workstations.  Servers though are another matter.
> >
> > DHCP is great, but if for no other reason than security, I don't want
> > machines jumping online without explicitly configuring them to do so.
> 
> First off, I've heard that explanation before and don't buy it.  Any
> script kiddie worth his braces can fire up a sniffer, determine your
> network/netmask and grab a valid IP Address.  Your not stopping anyone by
> not running DHCP.
> 
> Second, if you're really concerned about giving out leases to MACs you
> haven't blessed then do as I said above and configure DHCPD to give out
> static IP addresses to MACs you've manually entered in the database and do
> not create a open "range" of leases.  Manually setting hundreds of IP
> Addresses for client machines makes something trivial for DHCP like
> changing a gateway or DNS server darn near impossible.

Like I said, DHCP is great; I have no problems with DHCP for
non-server networks.  What I don't like is "ONBOOT=yes" getting set
without user intervention on install or when a new network card is
detected.

John


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]