On Sun, 2009-06-07 at 20:22 +0700, Fajar A. Nugraha wrote:
> Last I checked, ISC's DHCP tries ping first, but newer Windows (with ICMP
> echo disabled by default) makes it somewhat less useful.

No server can detect a "rogue" that is switched off. If it's switched
on, your other clients *should* issue DHCPDECLINE responses if they
detect the rogue in their subnets. However, it's not exactly reliable.
It is more reliable with DHCPv6, because duplicate address detection is
a standardised part of the address configuration process.

DHCP is not a security tool. It never was and never will be. You have to
look beyond DHCP for that.

Regards, K.

-- 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Karl Auer ([email protected])                   +61-2-64957160 (h)
http://www.biplane.com.au/~kauer/                  +61-428-957160 (mob)

GPG fingerprint: 07F3 1DF9 9D45 8BCD 7DD5 00CE 4A44 6A03 F43A 7DEF

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
