At 01:10 PM Tuesday, 10/9/2007, Ashley M. Kirchner wrote -=>
While I realize DHCPd isn't a security program of any kind, this does have to do with it. So I just switched our entire network over to DHCP assigned IPs in preparation for another project. But in doing that, I've come to realize that anyone could plug in their machine and manually set their IP address and by-pass the DHCP discovery all together. And thus also gaining access to our internal network, something we might not necassarily want to allow. So the question now is, is there some way to restrict traffic to only those assigned IPs (through DHCP) and block anything else that happens to show up on the network? Maybe through iptables somehow?
Limiting access via mac address is usually done in large wans where they don't want just anyone plugging in. I don't run dhcpd but would venture to guess that if you just use static ip's mapped to allowed mac addresses, you would have at least that level of security.
I would also check and see how large universities limit access. I have seen it implemented but never bothered to ask how they do it...
HTH Ed . . . . . . . . . . . . . . . . . . Randomly Generated Quote (880 of 1282): One of the most time-consuming things is to have an enemy. -E.B. White, writer (1899-1985) -- fedora-list mailing list fedora-list@xxxxxxxxxx To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
