information about authentication with DHCP server

Glenn Satchell Glenn.Satchell at uniq.com.au
Tue Jun 10 14:30:55 UTC 2008 

Using MAC address filters for Wireless Access Points is, IMHO, a
complete waste of time. It is trivial to snoop for wireless packets and
grab a MAC address that works from an existing client. But that's
pretty much outside the scope of discussion on thislist.

regards,
-glenn

>From: "Barr Hibbs" <rbhibbs at pacbell.net>
>To: <dhcp-users at isc.org>
>Subject: RE: information about authentication with DHCP server
>Date: Mon, 9 Jun 2008 17:02:35 -0700
>
>Werner--
>
>as far as I know, there are NO implementations of DHCP Authentication,
>despite it being defined with a relatively mature RFC (in the sense that
>after an initial flurry of discussion, there were no updates offered,
>suggesting that (1) the RFC was solid as written, or (2) no one cared about
>implementations.  As with any authentication system, the principle problem
>is key distribution, and no scalable method was ever offered to support
>client Authentication.
>
>Many organizations authenticate *USERS* through RADIUS, which is
>significantly easier to scale, while some substitute Wireless Access Point
>and Router client MAC address filters for *CLIENT* authentication.  The
>former is an established, mature protocol for user authentication and has
>many implementations and management tools.  Managing client MAC address
>filters for Wireless Access Points and Routers has an even worse scalability
>problem than simple key distribution to a client, although I have heard
>admins boast (or complain?) that they were using it in their networks.
>
>I am curious what you learn in your investigations.
>
>--Barr
>
>  -----Original Message-----
>  From: dhcp-users-bounce at isc.org [mailto:dhcp-users-bounce at isc.org]On
>Behalf Of Werner Otto
>  Sent: Sunday, June 08, 2008 00:59
>  To: dhcp-users at isc.org
>  Subject: Re: information about authentification with DHCP server
>
>
>  have you managed to get an answer to your question. I've been trying to do
>something similar, there are an number of ways to approach the problem.
>
>
>  2008/4/18 hermann renombapropre <renombahermann at yahoo.fr>:
>
>    dear all
>
>    I am a student and would like to know if it is possible to make a dhcp
>client authentication before the allocation of IP addresses. If possible can
>use you tell me how to do it
>
>    sincerly.
>
>
>    __________________________________________________
>    Do You Yahoo!?
>    En finir avec le spam? Yahoo! Mail vous offre la meilleure protection
>possible contre les messages non sollicités
>    http://mail.yahoo.fr Yahoo! Mail
>
>
>
>  --
>  Kind Regards
>  Werner Otto
>  +44 782 846 5076 (M)
>  +44 203 132 4368 (H)

More information about the dhcp-users mailing list