this is a general problem with any sort of ip-address-based logging.
if the tool looks up the inverse address in dns at the time of logging
(or while the lease is still in effect), and dns is dynamically
updated by the dhcp server to assign a hostname reflective of user
identity, you don't have a problem.
keep in mind that the ip address is the only thing you *know*.
while unlikely, it is possible that the hostname returned by an
in-addr lookup will change or be manipulated (due to an attack on
a name server) during the brief interval after an event is detected.
a related question is "why use dhcp?".
if you're using it for ease of client configuration (plug and play,
able to make changes at the server end), great.
if you have a random number of uncontrolled mobile machines that need
access on demand, you have a problem.
if you're using dns because you have an *actual* shortage of ip
addresses, and you want them dynamically and frequently reassigned,
you're basically screwed.
the usual recommendations i make in this general respect are:
- use long lease times.
- use a dhcp server that can update dns dynamically with some user
or machine identity information.
- keep the dhcp assignment logs so if there's a problem you can
connect the assigned IP address with the nic address that requested.
- preassign leased addresses to specific nics if you can and are paranoid
enough to need to (which implies a tradeoff with plug and play).
as seems usual, many of these things are hard to do with microsoft
vanilla solutions, and easy to do with the open source supersets.
On Fri, Jan 14, 2000 at 09:52:20AM -0500, Bridge, Jim wrote:
>
> I'll try to rephrase my concerns....If DHCP "scrambles" IP addresses--and
> forgive my amateur status in this area--how can you remediate what IS finds?
> The desktops have new IPs tomorrow. Do you need a MetaIP type solution in
> this case?
>
> -----Original Message-----
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
> Sent: Friday, January 14, 2000 9:10 AM
> To: [EMAIL PROTECTED]
> Subject: RE: DHCP and Internet Scanner
>
> Would you reword your concerns about Internet Scanner and DHCP. I believe I
> may have similar concerns.
>
> Thanks,
> Arlan Goins
> Audit Manager
> Air Force Audit Agency
>
--
mark seiden, [EMAIL PROTECTED], 1-(650) 592 8559 (voice) Pacific Time Zone
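An added illustration of the "keep the dhcp assignment logs" recommendation above (example code, not part of the thread or any ISS product): given a scanner or IDS finding as an IP address plus a timestamp, it looks up which nic address held that lease at that moment, so the finding still maps to a machine after the address has been reissued to someone else the next day. It assumes ISC dhcpd-style DHCPACK syslog lines (constructed sample below), a fixed lease length, and a year for the year-less syslog timestamps; all three are assumptions.

```python
"""Map a finding (ip, time) back to the nic that held the dhcp lease."""
import re
from datetime import datetime, timedelta
from typing import List, Optional, Tuple

# Constructed sample log, ISC dhcpd syslog style; not from the original thread.
# 10.1.2.50 goes to alice-pc on the 14th and is reissued to bob-laptop on the 15th.
DHCP_LOG = """\
Jan 14 08:55:01 dhcpsrv dhcpd: DHCPACK on 10.1.2.50 to 00:11:22:33:44:55 (alice-pc) via eth0
Jan 14 09:30:12 dhcpsrv dhcpd: DHCPACK on 10.1.2.51 to 00:aa:bb:cc:dd:ee (bob-laptop) via eth0
Jan 15 08:10:44 dhcpsrv dhcpd: DHCPACK on 10.1.2.50 to 00:aa:bb:cc:dd:ee (bob-laptop) via eth0
"""
LEASE_TIME = timedelta(hours=12)  # assumed lease length configured on the server
YEAR = 2000                       # assumed; syslog timestamps carry no year

LINE_RE = re.compile(
    r"^(\w{3} +\d+ \d\d:\d\d:\d\d) \S+ dhcpd: DHCPACK on (\S+) "
    r"to ([0-9a-fA-F:]{17})(?: \(([^)]*)\))?"
)

Lease = Tuple[datetime, str, str, str]  # (ack time, ip, mac, hostname)


def parse_leases(text: str) -> List[Lease]:
    """Extract every DHCPACK (initial grant or renewal) from dhcpd log text."""
    leases = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # DISCOVER/OFFER/REQUEST lines carry no binding decision
        ts = datetime.strptime(f"{YEAR} {m.group(1)}", "%Y %b %d %H:%M:%S")
        leases.append((ts, m.group(2), m.group(3), m.group(4) or ""))
    return leases


def lease_holder(leases: List[Lease], ip: str, when: datetime,
                 lease_time: timedelta = LEASE_TIME) -> Optional[Tuple[str, str]]:
    """Return (mac, hostname) holding `ip` at `when`, or None if no lease covers it.

    The most recent ACK at or before `when` wins, so a renewal by the same nic
    or a reissue to a different nic is resolved by time, not by first match.
    """
    best = None
    for ts, lip, mac, host in leases:
        if lip == ip and ts <= when < ts + lease_time:
            if best is None or ts > best[0]:
                best = (ts, mac, host)
    return (best[1], best[2]) if best else None


if __name__ == "__main__":
    leases = parse_leases(DHCP_LOG)
    print(lease_holder(leases, "10.1.2.50", datetime(2000, 1, 14, 10, 0)))
    print(lease_holder(leases, "10.1.2.50", datetime(2000, 1, 15, 9, 0)))
```

A finding outside any lease window returns None rather than the nearest guess; that gap is the case where only the ip address is known and the log cannot say more.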