That's always the problem with TCP/IP and DHCP: there is no authentication before
getting access. I have the same problem here on our campus.
For your DHCP problem, you can try manually mapping IP addresses to the MAC
addresses of the NICs in that room which should be getting the IP addresses from your
DHCP server. Only registered MAC addresses will be given IP addresses. Problem is,
what prevents them from manually assigning IP addresses themselves? Well, you can
separate your internet servers on another subnet that you can firewall off and
allow only the IP addresses that you assigned in the DHCP to access these servers.
Next problem, what prevents them from stealing those IP addresses that were allowed
in the firewall? Well, for one... they can only steal said IPs if the workstation
which was supposed to use it is turned off. Otherwise, the Windows IP stack would
complain of an IP conflict. Here, one must find a way to tie DHCP leases with
routing/firewalling. Another way is to use proxy applications, which again, must be
tied to DHCP leases.
I had the idea once of the possibility of tying logins to DHCP and routing for total
network security and control. It's hard to accomplish given TCP/IP's architecture,
but I think it could be done. I mean, login first before any network access. This
is one thing I'm still thinking about in my free time though.
vince.
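One way to do the "tie DHCP leases with firewalling" step the reply describes, as an added example that is not from the thread: parse the ISC dhcpd leases file, keep only the leases that are still active, and generate iptables rules that accept forwarded traffic only from matching IP/MAC pairs and drop everything else. The lease text below is constructed for the example; the `LEASED` chain and the `eth0` interface are assumed names.

```python
import re

# Constructed sample in ISC dhcpd.leases format (not from the thread).
# dhcpd appends to this file, so a later entry for the same IP supersedes
# an earlier one: 192.168.1.51 was active and was then released.
SAMPLE_LEASES = """\
lease 192.168.1.50 {
  ends 3 2024/01/10 20:00:00;
  binding state active;
  hardware ethernet 00:11:22:33:44:55;
}
lease 192.168.1.51 {
  ends 3 2024/01/10 20:00:00;
  binding state active;
  hardware ethernet 00:11:22:33:44:66;
}
lease 192.168.1.51 {
  ends 3 2024/01/10 12:00:00;
  binding state free;
  hardware ethernet 00:11:22:33:44:66;
}
lease 192.168.1.52 {
  ends 3 2024/01/10 20:00:00;
  binding state active;
  hardware ethernet 00:11:22:33:44:77;
}
"""

LEASE_RE = re.compile(r"lease\s+(\S+)\s*\{(.*?)\}", re.S)


def active_leases(text):
    """Return {ip: mac} for leases whose latest entry is 'binding state active'."""
    result = {}
    for ip, body in LEASE_RE.findall(text):
        mac = re.search(r"hardware ethernet\s+([0-9a-fA-F:]+);", body)
        state = re.search(r"binding state\s+(\w+);", body)
        if mac is None:
            continue
        if state is None or state.group(1) == "active":
            result[ip] = mac.group(1).lower()
        else:
            result.pop(ip, None)   # released/expired: drop any earlier entry
    return result


def firewall_rules(leases, lan_if="eth0", chain="LEASED"):
    """Emit iptables commands: accept known IP/MAC pairs on lan_if, drop the rest.
    Assumes the chain already exists and FORWARD jumps to it."""
    rules = [f"iptables -F {chain}"]
    for ip, mac in sorted(leases.items()):
        rules.append(f"iptables -A {chain} -i {lan_if} -s {ip} "
                     f"-m mac --mac-source {mac} -j ACCEPT")
    rules.append(f"iptables -A {chain} -i {lan_if} -j DROP")
    return rules
```

Re-running this from cron or from a dhcpd `on commit` hook keeps the firewall in step with the lease file, so a manually assigned address (or a spoofed one without the matching MAC) never gets an ACCEPT rule.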
[EMAIL PROTECTED] wrote:
> Hi guys!
>
> I've been running iptraf and arpwatch hand-in-hand to monitor network
> traffic/loading within my network and at the same time to keep track of IP
> address pairings passing within. And so far, after running it for a
> couple of days, I have discovered some malicious connections.
>
> Several networks are connected within my LAN to have internet access. I
> have one small room (their switch hub patched to one of my switch
> ports) leasing dynamic IP addresses from my Linux box running as DHCP/Proxy
> server for the workstations in that LAN. (3 static IP addresses were
> assigned to their NT servers.)
>
> NOTE: all other in-building clients connected to several switches within
> the building were assigned STATIC IP Addresses from my IP Address Pool to
> get internet access.
>
> Here's the issue...
>
> 1. Computers from that single room that were being served/leased by my
> Linux DHCP/Proxy server with dynamic IP addresses are somehow not
> getting any lease from the server. From my messages log file, it says...
>
> "192.168.1.23 no free lease on subnet blah, blah, blah...."
>
> Question: How can I prevent these winblowz PCs from getting into my
> system? It's very annoying since they were also recorded in my system's
> ARP cache.
>
> 2. I have this whole chunk of /24 network (111.222.333.0). And so far,
> after taking a deeper look at my IP address allocation table, I have used
> almost half of it (around 192 IP addresses to be exact). Now, I discovered
> that some winblowz workstations within the building are pulling out some
> unused/undesignated IP addresses within my pool. They are manually
> assigning IP addresses on their workstations.
>
> Question: How can I prevent this? How can I also deny connections from
> these workstations? They are also using my proxy server to surf the net.
>
> Thank you so much in advance,
>
> Val
>
_
Philippine Linux Users Group. Web site and archives at http://plug.linux.org.ph
To leave: send "unsubscribe" in the body to [EMAIL PROTECTED]