How to identify a client?

Sten Carlsen sten at s-carlsen.dk
Mon Jul 7 17:29:50 UTC 2008


I agree on the security issues, but if you are willing to trust that 
your clients will not change the given client ID, this is the one 
solution I can see. If you require more security you are looking at 
completely different solutions.

Anything you can check in DHCP can be spoofed and you can just take any 
IP you like if you won't play by the rules.

Glenn Satchell wrote:
> Hi Tom,
>
> The client identifier is completely up to the client to transmit. As far as the
> server is concerned it should treat it as an opaque object, i.e. not try to decode
> what is inside it because one client may behave differently to another.
> Currently only the Microsoft Windows client transmits a client id and
> it uses the MAC address as the identifier. Most (in practice all I
> think) other clients do not transmit another client by default. However
> most can be configured to send a pre-defined string as the identifier.
>
> If the wireless and wired LANs are different subnets, you could still
> create host statements for each of the MAC addresses that had the same
> name, even if the IP addresses are different.
>
> If you don't know the MAC addresses in advance how can you assume that
> some wireless client with the same name is the same client? Another
> system could spoof the hostname very easily.
>
> Doesn't appear to be a really simple solution here, apart from
> gathering all the MAC addresses up front somehow.
>
> regards,
> -glenn
>
>   
>> Date: Mon, 07 Jul 2008 09:02:15 +0200
>> From: "Tom Schmitt" <TomSchmitt at gmx.de>
>> Subject: Re: How to identify a client?
>> To: dhcp-users at isc.org
>>
>> Hi,
>>
>> thank you for your answer. Your first solution doesn't work for me, because I
>> have several different subnets. So I can't give the client the same IP-Address
>> in different subnets.
>>
>> As a second point I don't know all the MAC-addresses before the client is
>> connected to the network.
>>
>> Your second solution I don't understand completely: Is the DHCP-identifier from
>> the client the same, even if the MAC-address is changed?
>>
>> thanks,
>> Tom.
>>
>> -------- Original Message --------
>>> Date: Fri, 04 Jul 2008 18:27:27 +0200
>>> From: Sten Carlsen <sten at s-carlsen.dk>
>>> To: dhcp-users at isc.org
>>> Subject: Re: How to identify a client?
>>>
>>> I have a similar situation, but with a few differences. I hope this 
>>> could be an inspiration.
>>>
>>> I have made a host entry for each of the MACs (wired / wireless); they are
>>> each given the same IP, that works without any problem. I can even
>>> continue a download while switching from wired to wireless.
>>>
>>> The other thing I have tried is to have a host entry with an option
>>> dhcp-client-identifier. IIRC this also works.
>>>
>>> Tom Schmitt wrote:
>>>       
>>>> And now comes the problem: In the WLAN the client is using another MAC
>>>> (the one of the WLAN-card instead of the normal NIC) but the same name. So,
>>>> if a client was first in a normal subnet, getting a lease and a DNS-entry,
>>>> then the client is moving to a WLAN-subnet and comes with the same name but
>>>> different MAC to the DHCP. The client is getting a new IP but no entry
>>>> in the DNS because there is already an entry and the TXT-record says: It's
>>>> not yours!
>>>>
>>>> So, for the time the old lease is valid, the client has no DNS-entry.
>>>>
>>>> What can I do to solve the problem?
>>>> The only thing I could think of, was a shorter leasetime. But this is
>>>> problematic for several other reasons. And besides: It wouldn't solve the
>>>> problem, only make it happen fewer times than with a longer lease.
>>>>
>>>> Is there a best practice to avoid this problem? Does anyone else have the
>>>> same problem?
>>>>
>>>>         

-- 
Best regards

Sten Carlsen

No improvements come from shouting:

       "MALE BOVINE MANURE!!!" 
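
The thread's two points, that the client identifier (option 61) is an opaque value chosen by the client and that a host name can be sent by any machine, can be checked from the server side by auditing what requests actually carry. The following is an added example, not part of the original messages: it parses a DHCP options field and reports a host name arriving from a MAC that is not in a pre-collected inventory. The inventory, host name and packet bytes are constructed for illustration.

```python
# Added example; the inventory, host name and packet bytes are constructed.
OPT_PAD, OPT_END, OPT_HOSTNAME, OPT_CLIENT_ID = 0, 255, 12, 61

def parse_options(data: bytes) -> dict:
    """Parse a DHCP options field (the bytes after the magic cookie)."""
    opts, i = {}, 0
    while i < len(data):
        code = data[i]
        if code == OPT_END:
            break
        if code == OPT_PAD:          # pad has no length byte
            i += 1
            continue
        if i + 1 >= len(data):
            raise ValueError("truncated option header")
        length = data[i + 1]
        value = data[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError("truncated option value")
        opts[code] = value
        i += 2 + length
    return opts

def describe_client_id(cid: bytes, chaddr: bytes) -> str:
    """Label option 61 for a report; the server itself treats it as opaque."""
    if len(cid) == 7 and cid[0] == 1:   # hardware type 1 (Ethernet) + 6-byte MAC
        return "matches chaddr" if cid[1:] == chaddr else "differs from chaddr"
    return "opaque"

def audit(chaddr: bytes, options: bytes, inventory: dict) -> list:
    """Findings for one request; inventory maps host name -> set of known MACs."""
    opts, findings = parse_options(options), []
    mac = chaddr.hex(":")
    name = opts.get(OPT_HOSTNAME, b"").decode("ascii", "replace")
    if name and mac not in inventory.get(name, set()):
        findings.append(f"name {name!r} sent from unlisted MAC {mac}")
    cid = opts.get(OPT_CLIENT_ID)
    if cid is not None and describe_client_id(cid, chaddr) == "differs from chaddr":
        findings.append(f"client-id embeds a MAC other than {mac}")
    return findings

# Constructed sample: one laptop with a wired and a wireless adapter.
WIRED, WLAN = bytes.fromhex("00163e000001"), bytes.fromhex("00163e000002")
INVENTORY = {"laptop-tom": {WIRED.hex(":"), WLAN.hex(":")}}
REQUEST = bytes([12, 10]) + b"laptop-tom" + bytes([61, 7, 1]) + WIRED + b"\xff"

if __name__ == "__main__":
    for src in (WIRED, WLAN, bytes.fromhex("00163e0000aa")):
        print(src.hex(":"), audit(src, REQUEST, INVENTORY))
```

A finding here only says the request does not match the inventory; as the thread notes, a request that does match proves nothing, since every field checked is supplied by the client.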


