DHCP Authentication
Marco Amadori
amadorim at vdavda.com
Tue Jul 1 06:42:02 UTC 2008
On Monday 30 June 2008, 16:53:56, Simon Hobson wrote:
> Marco Amadori wrote:
> >Even if it seemed I wasn't talking about a wireless network but a wired
> > network where we cannot touch switches. Imagine a medium sized network
> > (2000 nodes) where a lot of clients need some kind of dhcp services
> > only from our server; other nodes exist which are not in our control
> > (which could be either DHCP clients or servers) but which we should not
> > interfere with.
>
> In that case you do not have control of your network<period>
Yes, I know.
> >So our clients need to accept only dhcp answers from the "right" server
> > and our DHCP server needs to serve only the "good" clients.
> Since you won't have control over many of your clients (eg embedded
> clients in devices you don't have the source to) this isn't something
> you can do at the client.
I thought that since clients receive different DHCP answers they could choose
(like by requiring a particular VENDOR ID, or a DHCP variable like that, to
match a string) which one to listen to.
> The best you can do in your case is to run
> a program to listen for DHCP traffic from rogue servers and alert
> you.
This could be done, then filter it via iptables on clients, but I need to
discriminate good and bad DHCP servers somehow... maybe just changing the
default UDP port for servers and clients could suffice.
--
ESC:wq
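
Added example, not part of the original message or of any project's code: a minimal Python check of the kind the suggested listener would apply to each captured DHCP payload, alerting on OFFER/ACK/NAK replies whose server identifier (option 54) or source address is not allowlisted. The allowlisted address, the function names and the sample packets are constructed assumptions.

```python
import ipaddress
import struct

MAGIC = b"\x63\x82\x53\x63"                      # DHCP magic cookie (RFC 2131)
SERVER_TYPES = {2: "OFFER", 5: "ACK", 6: "NAK"}  # message types only servers send
ALLOWED_SERVERS = {"192.0.2.10"}                 # assumption: the one legitimate server

def parse_options(data):
    """Walk the option TLVs; stop at End (255) or at a truncated option."""
    opts, i = {}, 0
    while i < len(data) and data[i] != 255:
        if data[i] == 0:                         # Pad: single byte, no length
            i += 1
            continue
        if i + 1 >= len(data):
            break
        length = data[i + 1]
        value = data[i + 2:i + 2 + length]
        if len(value) < length:
            break
        opts[data[i]] = value
        i += 2 + length
    return opts

def check_packet(payload, src_ip):
    """Return an alert string for a reply from an unlisted server, else None."""
    if len(payload) < 240 or payload[236:240] != MAGIC or payload[0] != 2:
        return None                              # not a DHCP BOOTREPLY
    opts = parse_options(payload[240:])
    mtype, sid = opts.get(53), opts.get(54)
    if not mtype or mtype[0] not in SERVER_TYPES:
        return None
    # Fall back to the source address when option 54 is absent or malformed.
    server = str(ipaddress.IPv4Address(sid)) if sid and len(sid) == 4 else src_ip
    if server in ALLOWED_SERVERS and src_ip in ALLOWED_SERVERS:
        return None                              # assumes no relay agent in the path
    return f"rogue DHCP {SERVER_TYPES[mtype[0]]} from {src_ip} (server-id {server})"

def build_reply(mtype, server_id):
    """Constructed sample: minimal BOOTREPLY carrying options 53 and 54."""
    header = struct.pack("!BBBBIHH", 2, 1, 6, 0, 0x1234, 0, 0) + bytes(224)
    options = bytes([53, 1, mtype, 54, 4]) + ipaddress.IPv4Address(server_id).packed + b"\xff"
    return header + MAGIC + options

if __name__ == "__main__":
    for ip in ("192.0.2.10", "198.51.100.7"):    # constructed addresses
        print(ip, "->", check_packet(build_reply(2, ip), ip))
```

In use, the payloads would come from a sniffer or a socket receiving the broadcast replies; the allowlist is what separates good servers from bad ones.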