That works pretty well in most cases, but it won't stop someone really determined from getting onto the network.
If you've got time, plug in, start up a sniffer, and watch for DHCP traffic. Wait for someone to go off the air, and change your MAC address to theirs, (love ifconfig) and then grab an IP address and welcome to the network (also in the mean while, while waiting for the DHCP RELEASE, look for POP mail sesions... just in case there is some form of authentication needed to get beyond the network.) Just my $0.02 On Mon, 2 Dec 2002, jon kintner wrote: > I know mac addresses can be spoofed pretty easily, but could you setup an > access list or filter that would disallow all mac addresses except for the > ones specified on your network(s)? > The initial setup would probably be tedious, but it's worked fairly well to > keep most unauthorized logins off the network at the college I attend. > > -jon kintner > > ----- Original Message ----- > From: "Sarbjit Singh Gill" <[EMAIL PROTECTED]> > To: <[EMAIL PROTECTED]> > Sent: Monday, December 02, 2002 7:22 AM > Subject: Preventing DHCP from allocating IPs > > > > Greetings all, > > > > How do i prevent a client from getting an IP from my DHCP in an Ethernet > > network. I know i could reserve IPs for all other clients and nobody gets > an > > IP unless reserved earlier, but i have hundreds of clients. I frequently > > have visitors who need to plug in their laptops into the network and i > have > > visitors who are not allowed to plug in their laptops into the network and > > get IPs. I do not want these visitors who are not allowed to access the > > network to get an IP and start accessing internet through my network. > > > > What about in a wireless environment. How do i prevent it in a similar > > capacity. > > > > Kind Regards > > Gill > > > -- Frank Barton Starwolf.biz Systems Administrator
