Re: Secure your DHCP



Hello,

I can only think of allocating via DHCP reservation using network card
MAC addresses. This just means more work for you.

Create an exclusion of your whole DHCP scope (so no IPs are free to be
allocated ... depending on lease expiries this should not cause an issue
with current leases) and then in the reservations section, manually
assign each MAC address an IP address from what was in your pool.

This would be a very painful way to do this but it would be effective.
Personally, I would work out what resources a rogue laptop would get. If
they can't get onto the network servers (as they don't have credentials)
and it is just internet, maybe stop pushing out gateway addresses in
DHCP and manually assign the gateway at PCs that need to surf the
internet.

If they do have credentials and can move about your network on their
personal laptops you can then look at the DHCP reservations.

Then if someone is smart enough, they can always statically assign an IP
and still get access. This is not going to help your cause.

I personally think you are after a different solution.

Thanks




Holz wrote:

Any way for me to prevent or limit who can connect and obtain a DHCP address?
We have been cleaning this new client's network for the past 3 weeks. About
70 nodes.
He has some employees that will bring their laptop to work, unplug their
station and plug in the laptop for personal use!!! Let's not go into the work
environment atmosphere, we have already explained to him the risks he is
facing. He claims he will start the firing shortly, however until then I
want to prevent them from even obtaining a DHCP address.
I have to have a large scope since he has many legitimate guests coming in on
a daily basis, and they need to use the net when they have projects and demos
to go over. I suggested that we create a secured wireless network for the
guests with a MAC address filter, but no luck, since they work weekends and
are not willing to add the MAC themselves. They just want to plug and work.
Is there any 3rd party option to use something like the MAC filter in a home
router?
I thought that at the age of 50 I had already seen everything....



--
Michael J. Jenkin MVP - SBS, MCP, Small Business Specialist, Senior
Systems Engineer
Visit http://www.mickyj.com
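
The exclusion-plus-reservations approach from the reply, as an added example that is not part of the original post. It assumes the DhcpServer PowerShell module (Windows Server 2012 or later); the scope ID and the approved-MAC list are constructed placeholders.

```powershell
#Requires -Modules DhcpServer
# Added example, not from the original post. Assumes Windows Server 2012 or later.
param(
    [string]$ScopeId = '192.168.16.0',                  # constructed sample scope
    [string[]]$ApprovedMacs = @('00-11-22-33-44-55'),    # constructed sample allow-list
    [switch]$Apply                                       # omit to preview with -WhatIf
)

# Compare MACs without caring about separators or case.
function Format-Mac([string]$Mac) { ($Mac -replace '[-:.]', '').ToLower() }
$approved = $ApprovedMacs | ForEach-Object { Format-Mac $_ }
$preview  = -not $Apply

$scope  = Get-DhcpServerv4Scope -ScopeId $ScopeId
# Only dynamic leases; existing reservations show up as ActiveReservation.
$leases = Get-DhcpServerv4Lease -ScopeId $ScopeId |
          Where-Object { $_.AddressState -eq 'Active' }

foreach ($lease in $leases) {
    if ((Format-Mac $lease.ClientId) -notin $approved) {
        # A lease alone does not prove the device belongs on the network.
        Write-Warning "Not approved, left unreserved: $($lease.ClientId) $($lease.IPAddress) $($lease.HostName)"
        continue
    }
    $reservation = @{
        ScopeId     = $ScopeId
        IPAddress   = $lease.IPAddress
        ClientId    = $lease.ClientId
        Description = 'Converted from dynamic lease'
    }
    if ($lease.HostName) { $reservation.Name = $lease.HostName }
    Add-DhcpServerv4Reservation @reservation -WhatIf:$preview
}

# Exclude the entire range so nothing is left to hand out dynamically.
Add-DhcpServerv4ExclusionRange -ScopeId $ScopeId -StartRange $scope.StartRange `
    -EndRange $scope.EndRange -WhatIf:$preview
```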