DHCP security - SMB

This is a discussion on DHCP security - SMB ; is it possible for to restrict the access to a DHCP server based on MAC adds. i.e the server should only assings ips to varified MACs, so as to prevent rougue machines from entering the network...

+ Reply to Thread
Results 1 to 4 of 4

Thread: DHCP security

  1. DHCP security

    is it possible for to restrict the access to a DHCP server based on MAC
    adds.

    i.e the server should only assings ips to varified MACs, so as to
    prevent rougue machines from entering the network


  2. Re: DHCP security

    > is it possible for to restrict the access to a DHCP server based on MAC
    > adds.
    >
    > i.e the server should only assings ips to varified MACs, so as to
    > prevent rougue machines from entering the network


    1. I don't see how this is connected to 'comp.protocols.smb'

    2. If a person gets access to your network he can sniff the traffic and
    change his MAC address to one of your computers (yes MAC address can be
    changed)

    3. Linux can filter packets based on MAC address, see ebtables.

    --
    damjan

  3. Re: DHCP security

    sorry dint think of that... but this is for an entprise solution at
    work and was bombarded with the query.... thanks anyway


  4. Re: DHCP security

    rayo.dalal@gmail.com wrote:

    > is it possible for to restrict the access to a DHCP server based on MAC
    > adds.
    >

    Yes, you just need to have _no_ "allow unknown-clients;" directive in your
    dhcpd.conf. Or you can even assign boogy (unusable) IPs to "unknown
    clients". Read the manpage to dhcpd.
    But then, it isn't _smb_ or related, so better continue in a appropriate
    group.

    > i.e the server should only assings ips to varified MACs, so as to
    > prevent rougue machines from entering the network


    Not too much use as a security tool. MAC numbers in your network are no
    secret, and can be spoofed without much effort. Many windows drivers have a
    "network address" field in their advanced settings ...
    --
    Longhorn error#4711: TCPA / NGSCP VIOLATION: Microsoft optical mouse
    detected penguin patterns on mousepad. Partition scan in progress
    *to*remove*offending*incompatible*products.**React ivate*MS*software.
    Linux woodpecker.homnet.at 2.6.10-mm1[LinuxCounter#295241,ICQ#4918962]

+ Reply to Thread