
Re: Forced DHCP setup



Alex,

I suppose you could parse your leases file and create your
firewall ruleset from that.  I know that it's possible to
have DHCP notify a DDNS server to update its records so maybe
it would be possible to have the DHCP server update a firewall
ruleset on the fly.

Of course, that doesn't stop someone from setting their own IP
to that of another user.  Joe Average Windows user won't know
how but it's not very strong security.

Other than that, you could try setting up a proxy forwarding requests
to a login page as another poster suggested but that may be _too_ 
cumbersome for an ISP.

Regards,

Kourosh

On Wed, Oct 30, 2002 at 03:55:45PM -0600, Alex Borges (lex) wrote:
> Tx for the fast response....:)...
> 
> Now, I know I can assign static IPs through MACs and I already have
> some ways to collect all MACs from everybody, no problem. The thing is,
> what if the user changes his IP address? .... How can I ensure that, if
> you don't have a lease in dhcp (if you didn't get it from dhcp) then you're
> blocked.....
> 
> I'm checking the mans of course....tx a lot ...
> 
> Lex
> 
> On Wed, 30-10-2002 at 15:57, Kourosh wrote:
> > On Wed, Oct 30, 2002 at 03:39:01PM -0600, Alex Borges (lex) wrote:
> > > Hey... I want to tie up users to IP addresses and machines. This way I
> > > can easily mangle bandwidth, squid ACLs and lots of stuff through my
> > > woody box....
> > > 
> > > 
> > > So I'm thinking maybe the solution is to force users to obtain IPs from
> > > dhcp and, if users take an IP for which they have no lease, block them
> > > with iptables or something...
> > > 
> > > 
> > > I'm thinking this is probably an old trick so I'm asking here for pointers
> > > and stuff as I STFW in parallel for this setup... any ideas?
> > > 
> > >  
> > > -- 
> > > Alex (Lex) Borges
> > > Software Engineer
> > > Step One Group
> > > www.sogrp.com
> > 
> > 
> > Alex,
> > 
> > It is possible to set up DHCP so that a client always gets the same IP address
> > by using its MAC address.  If you set up DHCP to only have reserved IPs using
> > the MAC address and no other IP pool then they can't pick up any other address.
> > 
> > Of course, someone can spoof a MAC and they can still set up their system with
> > a fixed IP but casual users generally don't know how.
> > 
> > It does require that you know their MAC address; they can then only use that
> > particular NIC unless you make the change.
> > 
> > Man dhcpd.conf for more details.
> > 
> > Many universities and some ISPs do this.
> > 
> > I don't believe it's possible to have a user log in to get an IP.
> > 
> > Hope this helps.
> > 
> > Kourosh
> -- 
> Alex (Lex) Borges
> Software Engineer
> Step One Group
> www.sogrp.com
> 
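
Added example (not part of the original message or thread): one way to do what the reply suggests, parsing an ISC dhcpd leases file and emitting iptables rules that pass only source addresses holding a current lease, matched together with the MAC that obtained it. The chain name DHCP_LEASED, the function names and the sample lease entries are assumptions made for illustration.

```python
import re
from datetime import datetime, timezone
# Constructed sample (made-up addresses). The file is an append-only log,
# so 192.168.1.10 appears twice and the last entry for an IP wins.
SAMPLE_LEASES = """
lease 192.168.1.10 {
  ends 4 2002/10/31 21:00:00;
  hardware ethernet 00:11:22:33:44:55;
}
lease 192.168.1.11 {
  ends 2 2002/10/29 20:00:00;
  binding state free;
  hardware ethernet 00:11:22:33:44:66;
}
lease 192.168.1.10 {
  ends 4 2002/10/31 22:00:00;
  binding state active;
  hardware ethernet 00:11:22:33:44:77;
}
"""
LEASE_RE = re.compile(r"lease\s+(\d{1,3}(?:\.\d{1,3}){3})\s*\{(.*?)\}", re.S)
MAC_RE = re.compile(r"hardware ethernet ((?:[0-9a-fA-F]{2}:){5}[0-9a-fA-F]{2});")
ENDS_RE = re.compile(r"\bends\s+(?:\d\s+)?([^;]+);")
STATE_RE = re.compile(r"^\s*binding state (\w+);", re.M)

def active_leases(text, now):
    """Return {ip: mac} for leases valid at `now` (lease times are UTC)."""
    leases = {}
    for ip, body in LEASE_RE.findall(text):
        leases.pop(ip, None)  # a newer entry replaces whatever was recorded before
        mac, ends, state = MAC_RE.search(body), ENDS_RE.search(body), STATE_RE.search(body)
        if not mac or (state and state.group(1) != "active"):
            continue  # entries without a MAC or with a non-active state grant nothing
        if ends and ends.group(1) != "never":
            expiry = datetime.strptime(ends.group(1), "%Y/%m/%d %H:%M:%S")
            if expiry.replace(tzinfo=timezone.utc) <= now:
                continue
        leases[ip] = mac.group(1).lower()
    return leases

def iptables_rules(leases, chain="DHCP_LEASED"):
    """Rebuild a chain (hypothetical name) that passes only leased IP+MAC pairs."""
    rules = [f"iptables -F {chain}"]
    for ip, mac in sorted(leases.items()):
        rules.append(f"iptables -A {chain} -s {ip} -m mac --mac-source {mac} -j RETURN")
    return rules + [f"iptables -A {chain} -j DROP"]

if __name__ == "__main__":
    now = datetime(2002, 10, 31, 12, 0, tzinfo=timezone.utc)  # constructed clock
    print("\n".join(iptables_rules(active_leases(SAMPLE_LEASES, now))))
```

The chain is assumed to exist already and to be jumped to from FORWARD for traffic arriving on the client-facing interface; the generated lines would be run each time the leases file changes.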


