DHCP Authentication
Randall C Grimshaw
rgrimsha at syr.edu
Mon Jun 30 12:11:04 UTC 2008
I suspect that you may be stuck with processes like 'dhcp snooping' to help prevent rogue servers and the use of 'known client' groupings a.k.a. 'deny unknown' to permit only registered machines to aquire addresses. Other similar techniques are 802.1x or other smart relay approach. DHCP itself is one of the vulnerable layer two protocols.
Randy
________________________________
From: dhcp-users-bounce at isc.org on behalf of Marco Amadori
Sent: Mon 6/30/2008 3:13 AM
To: dhcp-users at isc.org
Subject: DHCP Authentication
Hi DHCP Hackers,
I really enjoy this software and I would like to thanks you all for your
contributions.
I would like to ask about athentication since I have not found yet in the
documentation or google how to let this software handle DHCP authentication
of clients and servers.
(My use case is that I have an untrusted network environment in which clients
need to receive only the DHCP services from correct servers, nor possible
rogue dhcp and in which servers must give addresses only to authorized
clients).
Something like RFC 3118 [0] or any pre exchanged key mechanism will be great.
[0] http://tools.ietf.org/html/rfc3118
--
ESC:wq
--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.isc.org/pipermail/dhcp-users/attachments/20080630/8415e022/attachment.html>
More information about the dhcp-users
mailing list