I'd create a pool, put that MAC in the pool, and then use
 
subnet 192.168.9.0 netmask 255.255.255.0 {
   option subnet-mask 255.255.255.0;
   option broadcast-address 192.168.9.255;
   ...
   pool {
      # "deny members of" is a pool permit statement; dhcpd only accepts it inside pool { }
      deny members of "pool";
      range 192.168.9.125 192.168.9.200;
   }
}

That way you can use the pool for other uses, like denying any MAC that is 
insecure, has not paid its bills, etc.

Dave


-----Original Message-----
From: [email protected] [mailto:[email protected]] On 
Behalf Of Tim Evans
Sent: Friday, July 16, 2010 3:52 PM
To: Red Hat Enterprise Linux 5 (Tikanga) discussion mailing-list
Subject: [rhelv5-list] Deny DHCP Address by MAC Address?

A .EDU with insecure offices, network outlets, and labs is trying to 
track down a rogue DHCP client on their network that also happens to be 
infected with Conficker.

They have a completely open DHCP setup:

ddns-update-style ad-hoc;
authoritative;
subnet 192.168.9.0 netmask 255.255.255.0 {
   range 192.168.9.125 192.168.9.200;
   option subnet-mask 255.255.255.0;
   option broadcast-address 192.168.9.255;
   option routers 192.168.9.1;
   option domain-name-servers 192.168.9.4;
   option domain-name "xxx.xxx.xxx";
}

Any connected machine can get an address from the range specified in the 
config file. Bouncing this one's lease merely results in it getting a 
new one.

They know the rogue machine's MAC address, of course.  Can they deny it 
a DHCP address based only on the MAC? How?
-- 
Tim Evans, TKEvans.com, Inc.    |   5 Chestnut Court
UNIX System Admin Consulting    |   Owings Mills, MD 21117
http://www.tkevans.com/         |   443-394-3864
http://www.come-here.com/News/  |   [email protected]
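Here is a complete dhcpd.conf that applies the class/pool approach from Dave's reply to the open configuration in Tim's question. It is an added example, not text from either poster or from the ISC DHCP project: the class name "blocked" and the MAC 00:11:22:33:44:55 are placeholders, and the subnet options are the ones from the original message. A class declared with `match hardware` is populated by `subclass` lines, where the leading `1:` is the Ethernet hardware type; the `deny members of` permit statement must sit inside a `pool`, which is also where the `range` moves.

```conf
# /etc/dhcpd.conf (ISC DHCP 3.x on RHEL 5); added example, not the list poster's file
ddns-update-style ad-hoc;
authoritative;

# Class whose membership is decided by the client's hardware (MAC) address.
class "blocked" {
   match hardware;
}

# One subclass line per MAC to refuse.  "1:" is the hardware type (Ethernet),
# followed by the address.  The MAC below is a placeholder for the rogue host.
subclass "blocked" 1:00:11:22:33:44:55;

subnet 192.168.9.0 netmask 255.255.255.0 {
   option subnet-mask 255.255.255.0;
   option broadcast-address 192.168.9.255;
   option routers 192.168.9.1;
   option domain-name-servers 192.168.9.4;
   option domain-name "xxx.xxx.xxx";

   # Permit statements only work inside a pool, so the range lives here now.
   # Members of "blocked" get no offer from this pool; everyone else is unchanged.
   pool {
      deny members of "blocked";
      range 192.168.9.125 192.168.9.200;
   }
}
```

Check the syntax with `dhcpd -t -cf /etc/dhcpd.conf` before restarting the service, and watch the dhcpd log to confirm the blocked client stops receiving offers. A single-host alternative that needs no class is a `host` declaration with `hardware ethernet <mac>;` and `deny booting;`. Either form only withholds a lease: the infected machine is still on the wire, so the block is a stopgap until the switch port is located and the host is cleaned or disconnected.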

_______________________________________________
rhelv5-list mailing list
[email protected]
https://www.redhat.com/mailman/listinfo/rhelv5-list

