DHCP & MAC Address security - TechRepublic
General discussion
March 5, 2003 at 07:02 AM
public

DHCP & MAC Address security

by public . Updated 23 years ago

Hey guys, anyone know of a way to use DHCP but not allow it to distribute IP addresses to unknown MACS?

What I’d like to do is register EVERYONE’s mac addresses on my network and reserve those macs to permanent ip addresses on the DHCP server.

However, anyone not allowed on the network (home user brings in a laptop, vendor etc), will NOT recieve an IP.

The only way i can figure on how to do this is to tell the DHCP server to serve (lets just say we have 100 users) ip addresses from192.168.1.10 to 192.168.1.110. Each of those IP address (.10 to .110) are reserved to specific MAC addresses. When new users are added, i will just expand the reservations from 110 to 111, 112, 113, etc. That way the DHCP server will NEVER hand out an IP address without matching a MAC on its reservation list.

I was also thinking if adding a “bullshit” scope. If someone does come in and just plugs in an unauthorized laptop or pc, I can have the dhcp server hand out a bullshit IP address and bad dns, wins, and gateway information. Then I’ll be able to check the logs to see if that scope of addresses was ever handed out to anyone and what their macs are.

I’m just tossing some ideas for increased security around a bit.

This way you dont have to mess with static IP addresses on the clients. You only have to mess with them once on a centralized DHCP server once.

-public@lipan.org

This discussion is locked

All Comments