On Wed, Aug 10, 2011 at 16:32, Dennis Gilmore <dennis@xxxxxxxx> wrote: > -1 we have left the range out on pourpose. You can tail the logs work out > the Mac and easily add a static IP. > After doing some thinking, I think our original purpose had flawed assumptions. We didn't want systems just appearing on the .125 that we didn't know about. The problem is that for a system to appear on the .125 and to get a DHCP address, there needs to be physical access to the networks. If an intruder has physical access, they can do multiple items that having a DHCP address would be the least of our worries. Having a range on for short periods of time would alleviate the need for us to have various hardware systems physically unplugged and replugged several times to get the IMM and other cards to ask for a DHCP address while we try to get them configured. If we have the range for a short time, remove the range after it is needed and alert that the range is in existence on the systems via a cron or puppet alert I think we can manage this risk. -- Stephen J Smoogen. "The core skill of innovators is error recovery, not failure avoidance." Randy Nelson, President of Pixar University. "Let us be kind, one to another, for most of us are fighting a hard battle." -- Ian MacLaren _______________________________________________ infrastructure mailing list infrastructure@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/infrastructure
