Re: DHCP
hi andrew
i think you want at least one level of protection against dhcp
- prevent any tom, dick and harry from creating havoc
by running their rootkits by connecting their laptop to the
network
- it is bad to allow just anybody to plug in their laptops
with all the fun viruses and rootkits and let them run amuck
and then disappear after causing major "email traffic: what
happened" and have to go fix it ( whatever they did )
- all you know is somebody plugged something in at a ip# or
mac address
- i like setting up a dummy 386 machine that uses up all the unused
ip# to prevent people from picking arbitrary ip# that they
should NOT be using ( that is supposedly available )
- spoofing and other techie stuff requires one more year of school
and yes... that is a lot harder to prevent by the determined hacker
or employee-that-wanna-get-around-the-dumb-security-policy
c ya
alvin
On Tue, 29 Oct 2002, Andrew Sayers wrote:
> I'm not a huge expert on all of this, but here are a couple of
> thoughts...
>
> Unless you're monitoring IP/MAC addresses to try and detect
> spoofing, knowing a machine's IP address is already useless from a
> security POV. Even then, MAC addresses can be spoofed. Given that,
> DHCP can't really make things much worse :)
>
> Another problem is that ISTR some mis-configured Win2K boxes run a DHCP
> server by default, and some mis-configured students will doubtless enjoy
> bringing rogue servers onto your network. You should make sure to look
> out for any unauthorised DHCP-offer packets floating around.
>
> Similarly, students could potentially use a rogue DHCP server as the
> first stage in an attack against another machine. This would be a lot
> of work, though - anyone smart enough to do this probably wouldn't
> need to change their marks on the exam :)
>
> - Andrew Sayers
>
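
The check Andrew suggests above, looking out for unauthorised DHCP-offer packets, sketched as an added example that is not part of either message: it parses a DHCP server reply and flags any OFFER/ACK whose server identifier (option 54) is not on an allowlist. The allowlist address, the function names and the sample packets are assumptions constructed for illustration; in practice the payloads would come from a capture of UDP port 68 traffic.

```python
import socket
import struct

MAGIC = b"\x63\x82\x53\x63"            # DHCP magic cookie, follows the 236-byte BOOTP header
OFFER, ACK = 2, 5                      # option 53 message types sent by servers
AUTHORISED = {"192.0.2.1"}             # assumption: the site's only legitimate DHCP server

def parse_options(data):
    """Walk the code/length/value option field and return {code: value}."""
    opts, i = {}, 0
    while i < len(data) and data[i] != 255:      # 255 = end option
        if data[i] == 0:                         # 0 = pad, no length byte
            i += 1
            continue
        if i + 1 >= len(data) or i + 2 + data[i + 1] > len(data):
            raise ValueError("truncated DHCP option")
        opts[data[i]] = data[i + 2:i + 2 + data[i + 1]]
        i += 2 + data[i + 1]
    return opts

def check_reply(payload, authorised=AUTHORISED):
    """Return an alert dict for an OFFER/ACK from an unlisted server, else None."""
    if len(payload) < 240 or payload[0] != 2 or payload[236:240] != MAGIC:
        return None                              # not a BOOTREPLY carrying DHCP
    try:
        opts = parse_options(payload[240:])
    except ValueError:
        return {"reason": "malformed options", "server_id": None}
    mtype = (opts.get(53) or b"\x00")[0]
    if mtype not in (OFFER, ACK):
        return None
    sid = opts.get(54, b"")                      # option 54 = server identifier
    server = socket.inet_ntoa(sid) if len(sid) == 4 else None
    if server in authorised:
        return None
    return {"reason": "unauthorised DHCP server", "server_id": server,
            "offered_ip": socket.inet_ntoa(payload[16:20]),   # yiaddr
            "client_mac": payload[28:34].hex(":")}            # chaddr

def build_reply(mtype, server, offered, mac):
    """Construct a sample server reply (test data only, not captured traffic)."""
    hdr = struct.pack("!BBBBIHH", 2, 1, 6, 0, 0x1234, 0, 0)
    hdr += bytes(4) + socket.inet_aton(offered) + bytes(8) + mac + bytes(10 + 64 + 128)
    opts = bytes([53, 1, mtype, 54, 4]) + socket.inet_aton(server) + b"\xff"
    return hdr + MAGIC + opts

if __name__ == "__main__":
    mac = bytes.fromhex("020000000001")
    for srv in ("192.0.2.1", "192.0.2.66"):
        print(srv, check_reply(build_reply(OFFER, srv, "192.0.2.50", mac)))
```

An offer with no option 54 at all is also reported, with `server_id` set to `None`, since it cannot be matched to the allowlist.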