General discussion

Locked

DHCP IP addressess & Fixed IP addressess

By Bril ·
I have this question about using DHCP and fixed IP Addresses. Don't know if this is a serious security issue...

DHCP is used to configure a pool of IP addresses which will be assigned to requesting DHCP clients.

Let's say I have 10 nodes on my network and I would configure DHCP to use subnetmask /28 (255.255.255.240). That would mean a max total of 14 nodes could be used on this subnet.

Of these 14 adresses I configure DHCP to reserve 10 using MAC addresses. That means 4 addresses wil be left over.

If I would reserve these 4 remaining addresses to (let's say) dummy MAC addresses, is it possible for someone to connect to my network using a fixed IP address that is equal to one of those 4 remaining IP addresses??

Thanks for your replies.

This conversation is currently closed to new comments.

3 total posts (Page 1 of 1)  
| Thread display: Collapse - | Expand +

All Comments

Collapse -

Yes

by Fregeus In reply to DHCP IP addressess & Fixe ...

But keep in mind that someone could very easily use any of your 14 IP addresses so long as the actual PC using that address is shut down. So, no, I don't consider this a security issue. Its insecure anyway you look at it. DHCP was not made as a security tool but as an administrative one.

There is also the possibility that someone masks his actual MAC address and sends the MAC of another legitimate machine on your network and gets that machine's IP.


TCB

Collapse -

yessssssssssss

by david.wallis In reply to DHCP IP addressess & Fixe ...

mac addresses are easy to spoof... theres an article on here somewhere about it

Collapse -

No, but...

by roberto In reply to DHCP IP addressess & Fixe ...

..if you're trying to prevent unauthorized clients from connecting to your network, and are using a Cisco switch that supports it, you can use switch port security to determine which MAC addresses can connect to each port. See http://articles.techrepublic.com.com/5100-1035_11-6123047.html

Back to Security Forum
3 total posts (Page 1 of 1)  

Security Forums