[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

validating IP address & hardware address

I am setting up a server in a school network that runs a squid cache
(1.1) with proxy authentication. The server is dual-homed with one
interface on the internet (56K) and functions as a simple firewall. The
server also runs dhcpd, primarily serving out pre-defined IP addresses
based upon hardwarte addresses to macs running MacTCP and Open
Transport. This setup provides excellent performance and an auditable
log of web accesses while protecting the internal network; the macs have
no other route to the internet.

However, the macs are physically unsecured, although students are
unlikely to monkey with the hardware. Hence, any moderately enterprising
prankster could manage to alter the networking setup either directly or
by loading a bootleg AdminTCP program or some such. Thus they could set
the IP address explicitly. This would jeopardize one of my audit
capabilities: identifying the hardware location of the person making a

What I would like to do is validate that the IP address and the hardware
address of any request correspond to those in my dhcpd.conf. ARP/RARP
provide the raw tools to do this. What I am looking for is an easy way!
Perhaps I could hack redir...but I am sure someone must have already
addressed this with a utility.


TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word "unsubscribe" to
debian-user-REQUEST@lists.debian.org . Trouble? e-mail to Bruce@Pixar.com

Reply to: