exclude addresses

Sten Carlsen sten at s-carlsen.dk
Thu Jan 10 01:54:16 UTC 2008


I have set this up at my house, I use an address range for normal hosts 
192.168.x.x, I have set up another range for unknown hosts 10.0.0.x, 
gateway, DNS, ... is set differently than the ones for normal access.

This looks to the uninvited like the standard setup you will get from an 
unprotected AP in its default setup. The idea is that the "guest" will 
believe that I have some AP in its default setup but have so few 
abilities that I have not been able to get it connected to the internet. 
The hope is that he will go to the next place.

So basically I give these guys an address but a non-functional address.

If people really want access, you have only routers and VLANs to play 
with. None of this dhcpd setup will prevent manually set addresses.

Ron Croonenberg wrote:
> Hi Stan,
> I tried assigning   and 169.254.x.y   but somehow that client 
> sees that it is a 'worthless' address ad keeps using the old address 
> it 'stole'.
> I noticed that with 'deny booting'  it uses the old address too  even 
> after trying to get an address with dhcp
> Sten Carlsen wrote:
>> How about a host declaration with "deny booting"?
>> On the other hand you could give him a special IP, that has no 
>> routing anywhere. Make a new range, set all parameters seemingly like 
>> they should be, but make sure your firewall knows that this range 
>> must not go anywhere.
>> This way the unwanted guest will have a harder time to figure out 
>> what happened.
>> In the archives there is an example on this. Somewhere.
>> Brian Raaen wrote:
>>> you can try creating a class that has that mac address in a 
>>> subclass.  Then you can block that mac address in any pool you 
>>> want.  I have attached the relevant part of the dhcpd.conf man page.

Best regards

Sten Carlsen

No improvements come from shouting:


More information about the dhcp-users mailing list