Re: XP Pro does not map Computer Names to Network IP addresses Why?
- From: Chuck <none@xxxxxxxxxxx>
- Date: 30 May 2005 13:47:03 -0500
On Mon, 30 May 2005 18:18:36 GMT, Dennis@xxxxxxxxxx wrote:
>Chuck <none@xxxxxxxxxxx> wrote:
>>If you have 4 computers, plus the router, on the LAN, with a subnet mask of
>>255.255.255.0, that leaves 250 possible addresses to be hijacked by a wardriver.
>>
>>The only secure setup in the ZAP Trusted Zone would be individual entries - the
>>router, plus the 4 computers, one entry at a time.
>>
>>The router subnet setting determines your subnet. If the router LAN IP address
>>is xxx.xxx.1.1, and the subnet mask is 255.255.255.0, the subnet will be
>>xxx.xxx.1.0/24 (another way of saying xxx.xxx.1.1 / 255.255.255.0). This gives
>>you a subnet with 255 possible host addresses (0 - 254) (you can't use address
>>255 - it's for broadcasts).
>>
>>Now, how did you restrict the computers? Would that be the DHCP scope? If so,
>>that only says that the DHCP server will assign addresses xxx.xxx.1.200 -
>>xxx.xxx.1.254. But even though the DHCP scope covers only 200 - 254, any
>>computer can assign itself a fixed IP address of anywhere in 0 - 254 (less of
>>course the address used by the router LAN address, generally but not always 1).
>>
>>If the subnet permits 255 addresses, the scope of the DHCP server only restricts
>>DHCP assignments. It doesn't restrict addresses that can be used. If you
>>restrict your DHCP scope to whatever, a wardriver can still assign himself any
>>address inside or outside that range, but on the subnet.
>>
>>The only valid way to restrict by subnet is to set up a subnet mask properly.
>>This means that YOUR computer population has to be conveniently numbered at
>>exactly a power of 2 less 1. Simplest example - if you have 255 computers, a
>>subnet mask 255.255.255.0 would work. If you have 127 computers, use
>>255.255.255.128. If 63 computers, use 255.255.255.192. Do you see the
>>mathematical sequence here?
>>
>>If you have 4 computers plus a router, you have 5 addresses. You could use
>>255.255.255.248, which would give 7 possible addresses. This would leave 2
>>addresses for use by any wardriver that associates with the WAP, and DHCP will
>>happily assign one if requested.
>>
>>For any subnet, restricting purely by subnet is a dodgy procedure.
>
>Ok Thanks I've really learned a lot!
>
>So what you are saying is to assign each computer a static IP and subnet like
>xxx.xxx.1.200/255.255.255.248. In the ZAP Firewall Zone only put the assigned
>static IPs in the Trusted Zone.
>
>The ZAP Trusted network would still be xxx.xxx.1.0/255.255.255.248?
>In the LinkSys router I would put the xxx.xxx.1.1 and 255.255.255.248 as the
>IP/Subnet mask?
>
>If I use static IPs for each computer and in the ZAP Firewall Zones does it
>matter if I also change the subnet from 255.255.255.0 to 255.255.255.248?

Dennis,

Any computer on a subnet has to have an IP address with the same subnet, plus an
identical subnet mask, assigned to it, either by DHCP, or as a static setting.

In ZAP Trusted Zone on each computer, you only enter the fixed IP address of
each computer (and the router). You only enter the subnet mask in one place,
if you use DHCP (which I strongly suggest you don't do): in the DHCP
configuration on the router. If you're using fixed IP settings, you enter:
- IP Address
- Subnet Mask
- Default Gateway
- DNS Servers
in the TCP/IP Properties wizard on each computer.

Just enter an identical subnet mask everywhere, or you will have problems. If
the ZAP Trusted Zone depends only upon fixed, individual IP addresses, you can
use any convenient subnet mask (theoretically you could use 255.255.0.0, if you
had 255 x 255 computers on the LAN, but your router would probably crash and
burn before long), safely.

--
Cheers,
Chuck
http://nitecruzr.blogspot.com/
Paranoia is not a problem - it's a normal response from experience.
My email is AT DOT
actual address pchuck sonic net.
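
Added example, not part of the original post: a Python check of the setups discussed in this thread, comparing a Trusted Zone that covers the whole subnet with one that lists individual addresses, and showing that a DHCP scope does not limit which addresses can be set statically. The 192.168.1.x values are constructed stand-ins for the xxx.xxx.1.x addresses above, the function names are hypothetical, and the counts follow Python's `ipaddress` module, which excludes the network and broadcast addresses from usable hosts.

```python
import ipaddress


def audit_trusted_zone(router, mask, hosts):
    """Compare trusting a whole subnet with trusting only assigned addresses."""
    # strict=False lets us pass the router's own address instead of the network address.
    net = ipaddress.ip_network(f"{router}/{mask}", strict=False)
    usable = set(net.hosts())  # excludes network and broadcast addresses
    assigned = {ipaddress.ip_address(router)}
    assigned |= {ipaddress.ip_address(h) for h in hosts}
    # Hosts whose static address falls outside the router's subnet under this
    # mask cannot talk to the router; this is the "identical subnet" requirement.
    outside = sorted(a for a in assigned if a not in usable)
    # Addresses a subnet-wide trust rule would trust even though no known
    # machine owns them.
    spare = usable - assigned
    return {
        "subnet": str(net),
        "usable": len(usable),
        "outside_subnet": [str(a) for a in outside],
        "trusted_but_unassigned": len(spare),
    }


def static_addresses_outside_scope(router, mask, scope_first, scope_last):
    """Count usable subnet addresses the DHCP server never hands out
    (the router's own address included). A client can still configure
    any of them by hand, so the scope is not an access control."""
    net = ipaddress.ip_network(f"{router}/{mask}", strict=False)
    first = ipaddress.ip_address(scope_first)
    last = ipaddress.ip_address(scope_last)
    return sum(1 for a in net.hosts() if not first <= a <= last)


if __name__ == "__main__":
    # Constructed sample LAN: router at .1, four computers.
    high = [f"192.168.1.{n}" for n in (200, 201, 202, 203)]
    low = [f"192.168.1.{n}" for n in (2, 3, 4, 5)]
    print(audit_trusted_zone("192.168.1.1", "255.255.255.0", high))
    # Same hosts with the tighter mask: .200-.203 are no longer on the router's subnet.
    print(audit_trusted_zone("192.168.1.1", "255.255.255.248", high))
    # Renumbered hosts fit, leaving one unassigned address in the subnet.
    print(audit_trusted_zone("192.168.1.1", "255.255.255.248", low))
    print(static_addresses_outside_scope(
        "192.168.1.1", "255.255.255.0", "192.168.1.200", "192.168.1.254"))
```

A Trusted Zone made of individual entries trusts exactly the assigned addresses, so the `trusted_but_unassigned` figure applies only when the zone is defined as the whole subnet.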