On Fri, 17 May 2002, leon wrote:

> Date: Fri, 17 May 2002 21:12:25 -0400
> From: leon <[EMAIL PROTECTED]>
> To: 'Richard Westlake' <[EMAIL PROTECTED]>,
>      'Chris' <[EMAIL PROTECTED]>
> Cc: [EMAIL PROTECTED]
> Subject: RE: DHCP Security Questions
>
> Couldn't checkpoint meta-ip do what the original poster asked?

I don't think so.
I haven't used checkpoint meta-ip, but from the web site it would appear
to be a tool for managing your IP addresses, DNS data and the DNS and DHCP
server services. Everything is OK if all the clients play by the rules
and only use addresses obtained from the DHCP server; this should be true
for meta-ip or any other DHCP server.

However, the problem is someone configuring a client's IP address by hand
and NOT via the DHCP server. It shouldn't be too much of a problem if they
choose an unused one, as most DHCP servers will ping an address to check it
is not in use before issuing it, but there are probably security issues
with strange or unknown systems being attached to the network.

The real problem is if someone hand configures an address that is already
in use.

This can mess up network access for both the original owner of the
address and the new system. Imagine the fun if a visitor's laptop borrows
the IP address of your main email or file server. Depending on your
network topology, some or all of your systems will try to talk to the
laptop thinking it is the server; result: MAJOR denial of service and a
large number of unhappy users (and bosses). These problems can be a real
pain to debug, and if they only plug the laptop in occasionally you may
have intermittent service outages for months, possibly till they leave or
replace the laptop.

I did hear a story years ago of a helpdesk operator who did this to a
DECnet network as a parting gift when they were fired; don't know if it
is true as I only heard the story third hand.

Richard Westlake

School of Crystallography, Birkbeck College, Malet Street, London WC1E 7HX
Tel: 020-7631-6859
----------------------------------------------------------------------
               Truth endures but spelling changes    --  Anon.
----------------------------------------------------------------------


> On Tue, 14 May 2002, Chris wrote:
>
> > Date: Tue, 14 May 2002 09:10:26 -0700
> > From: Chris <[EMAIL PROTECTED]>
> > To: [EMAIL PROTECTED]
> > Subject: DHCP Security Questions
> >
> > I was curious to find out about some issues that I would like to
> > prevent if at all possible.  I am running a network with a DHCP server
> > handing out public IPs to clients.  It is also reserving by the MAC
> > for clients that have static publics.  My concern is someone that has
> > legitimate access to the network purposely or accidentally setting
> > their IP to an IP that is already taken and logging on to the network
> > and causing problems.  Obviously this could really be a problem if it
> > is a business client and they are running some sort of server and someone
> > logs on with that IP.  Does anyone know of a way to prevent this?  If
> > you need more details please ask.
> >
> > Thank You,
> >
> > Chris Raynor
> > Network Security
> > Mendo Link, LLC
> >
> > "An Ounce Of Prevention Is Worth  A Pound Of Cure."
> >
> >
>
>
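
An added example, not part of the original thread or any poster's code: a small audit that separates the two cases described above, an address in use by a MAC other than its DHCP lease holder (the disruptive conflict) and an address in use that the server never issued. It assumes you can export the DHCP server's leases and reservations and collect ARP sightings (from a sniffer or periodic router ARP table dumps); every address, MAC and function name below is constructed for illustration.

```python
from collections import defaultdict

# Constructed sample data: DHCP leases/reservations exported as IP -> MAC.
LEASES = {
    "192.0.2.10": "00:11:22:33:44:10",  # reservation: mail server
    "192.0.2.11": "00:11:22:33:44:11",  # reservation: file server
    "192.0.2.50": "00:aa:bb:cc:dd:50",  # dynamic lease
}

# Constructed ARP sightings: (seconds, sender IP, sender MAC).
SIGHTINGS = [
    (0, "192.0.2.10", "00:11:22:33:44:10"),
    (5, "192.0.2.50", "00-AA-BB-CC-DD-50"),   # same host, different MAC notation
    (9, "192.0.2.10", "00:de:ad:be:ef:01"),   # laptop using the mail server's IP
    (12, "192.0.2.10", "00:11:22:33:44:10"),
    (20, "192.0.2.77", "00:de:ad:be:ef:02"),  # hand-set address never issued
]

def norm(mac):
    """Normalise MAC notation so the same adapter always compares equal."""
    return mac.strip().lower().replace("-", ":")

def audit(leases, sightings):
    """Return sorted findings as (kind, ip, macs_seen, first_seen_by_stranger)."""
    leased = {ip: norm(mac) for ip, mac in leases.items()}
    seen = defaultdict(dict)  # ip -> {mac: first time that MAC claimed the IP}
    for ts, ip, mac in sightings:
        seen[ip].setdefault(norm(mac), ts)
    findings = []
    for ip, macs in seen.items():
        owner = leased.get(ip)
        strangers = {m: t for m, t in macs.items() if m != owner}
        if not strangers:
            continue  # only the lease holder answers for this IP
        # CONFLICT: the IP has a lease holder and another MAC is claiming it.
        # UNLEASED: the IP is live but the DHCP server never handed it out.
        kind = "CONFLICT" if owner else "UNLEASED"
        findings.append((kind, ip, sorted(macs), min(strangers.values())))
    return sorted(findings)

if __name__ == "__main__":
    for kind, ip, macs, first in audit(LEASES, SIGHTINGS):
        print(f"{kind:9} {ip:12} first seen t={first}s  macs={', '.join(macs)}")
```

The first-seen timestamp of the unexpected MAC is the useful field for the intermittent case: it can be lined up against outage reports and switch port logs to find where the device was plugged in.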
