We evaluated this as well and there were only 2 options we found that we
could do:

One was to restrict MAC addresses to the switch port.  Thus any other
machine plugged into that port wouldn't work.

The other was to go to a DHCP by MAC environment, so only authorized MAC
addresses would get IP's.

While it would keep accidental abuse at bay (such as a vendor plugging
into our network), since it's trivial to forge a MAC address a
deliberate attack wouldn't be stopped by either option as an attacker
could unplug a system than take over it's identity with his own machine,
and the security improvement may not be worth the administrative
headache.

-----Original Message-----
From: Davy Davidson [mailto:[EMAIL PROTECTED] 
Sent: August 25, 2006 1:53 AM
To: [email protected]
Subject: IP address assignment problem

Hi,
I have a little problem and seek for ur thoughts, let's assume I'm in a
very 
open environment where everyone can very easily try to get his/her
laptop on 
the network and IP addresses are assigned by a DHCP server and we are in
a 
domain environment, how do I prevent machines that are not part of our 
domain to be assigned an IP address?

Thanks

_________________________________________________________________
Don't just search. Find. Check out the new MSN Search! 
http://search.msn.com/


------------------------------------------------------------------------
---
------------------------------------------------------------------------
---



---------------------------------------------------------------------------
---------------------------------------------------------------------------

Reply via email to