ronc at depauw.edu
Thu Jan 10 05:38:58 UTC 2008
where I work we have a pretty large network and those private nets are
already in use by different depts
as for @ home, why not use MAC based filtering on the router?
Sten Carlsen wrote:
> I have set this up at my house, I use an address range for normal
> hosts 192.168.x.x, I have set up another range for unknown hosts
> 10.0.0.x, gateway, DNS, ... is set differently than the ones for
> normal access.
> This looks to the uninvited like the standard setup you will get from
> an unprotected AP in its default setup. The idea is that the "guest"
> will believe that I have some AP in its default setup but have so few
> abilities that I have not been able to get it connected to the
> internet. The hope is that he will go to the next place.
> So basically I give these guys an address but a non-functional address.
> If people really want access, you have only routers and VLANs to play
> with. None of this dhcpd setup will prevent manually set addresses.
> Ron Croonenberg wrote:
>> Hi Stan,
>> I tried assigning 0.0.0.0 and 169.254.x.y but somehow that
>> client sees that it is a 'worthless' address ad keeps using the old
>> address it 'stole'.
>> I noticed that with 'deny booting' it uses the old address too even
>> after trying to get an address with dhcp
>> Sten Carlsen wrote:
>>> How about a host declaration with "deny booting"?
>>> On the other hand you could give him a special IP, that has no
>>> routing anywhere. Make a new range, set all parameters seemingly
>>> like they should be, but make sure your firewall knows that this
>>> range must not go anywhere.
>>> This way the unwanted guest will have a harder time to figure out
>>> what happened.
>>> In the archives there is an example on this. Somewhere.
>>> Brian Raaen wrote:
>>>> you can try creating a class that has that mac address in a
>>>> subclass. Then you can block that mac address in any pool you
>>>> want. I have attached the relevant part of the dhcpd.conf man page.
More information about the dhcp-users