Couldn't Check Point Meta IP do what the original poster asked? Sorry to be late on the response but I get the list in digest form.

Cheers,
Leon

-----Original Message-----
From: Richard Westlake [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, May 14, 2002 3:22 PM
To: Chris
Cc: [EMAIL PROTECTED]
Subject: Re: DHCP Security Questions

Chris,

There is no easy way to stop this. If they can change the IP address on their system then they can set any address they like. You could try the following:

1) Take away admin access. Not possible with visitors, personal laptops etc., and you can't do this with all OSs, e.g. 95/98.

2) Run something like arpwatch (free) to record MAC/IP addresses. This will notice new systems on the network and will also report address flip-flops when two systems try and use the same IP address. We use this and it has spotted badly configured systems and people borrowing (stealing) IP addresses. It doesn't prevent the problem but it makes it easier to find and fix. Problems of two systems using the same address (IP, DECnet etc.) can be very hard to debug. For arpwatch try http://www-nrg.ee.lbl.gov/nrg.html or a Google search.

3) Split the network into two with a router. One network can have your static address servers and other important stuff, the other can have the DHCP assigned addresses. This reduces the damage people can do; it is still a problem if they steal the IP address from your or the MD's laptop. You could also add a network just for visitors.

4) Use SNMP on the switches to report when a port goes live. Then with SNMP query the address table and compare it with a list of allowed MAC/IP addresses (DHCP server lease file) and possibly which ports they can use. If you don't like the system on the port which has just gone live then block the port or move it to a VLAN where it can't do any harm. Maybe you can get a network management system to help with this. This could be a lot of work! If you ever try it please let me know how you got on.

If you have a lot of people turning up with laptops etc. and they already have IDs/passwords on your system then you could use something like netreg (free) http://www.netreg.org/ to automate the MAC registration. Matt Campbell at RIT has implemented a similar system which does watch the switches and move ports for new systems to different VLANs: http://www.rit.edu/~mrcsys/dhcp/

Netreg-type packages are useful if you don't want random strangers wandering into the building, finding an unused port in a quiet corner, connecting to the network, getting an IP address and having fun with your servers etc.

All the best and good luck

Richard Westlake
School of Crystallography, Birkbeck College, Malet Street, London WC1E 7HX
Tel: 020-7631-6859
----------------------------------------------------------------------
Truth endures but spelling changes -- Anon.
----------------------------------------------------------------------

On Tue, 14 May 2002, Chris wrote:

> Date: Tue, 14 May 2002 09:10:26 -0700
> From: Chris <[EMAIL PROTECTED]>
> To: [EMAIL PROTECTED]
> Subject: DHCP Security Questions
>
> I was curious to find out about some issues that I would like to
> prevent if at all possible. I am running a network with a DHCP server
> handing out public IPs to clients. It is also reserving by the MAC
> for clients that have static publics. My concern is someone that has
> legitimate access to the network purposely or accidentally setting
> their IP to an IP that is already taken and logging on to the network
> and causing problems. Obviously this could really be a problem if it
> is a business client and they are running some sort of server and someone
> logs on with that IP. Does anyone know of a way to prevent this? If
> you need more details please ask.
>
> Thank You,
>
> Chris Raynor
> Network Security
> Mendo Link, LLC
>
> "An Ounce Of Prevention Is Worth A Pound Of Cure."
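The comparison Richard describes in point 4 (observed MAC/IP pairs versus the DHCP server's lease file) and the flip-flop detection arpwatch does in point 2 can be prototyped in a few dozen lines. The script below is an added example for this thread, not code from any of the posters or from arpwatch, netreg or ISC dhcpd. It parses an excerpt in ISC dhcpd.leases syntax, takes observed pairs from an arpwatch-style arp.dat (the "mac ip timestamp [hostname]" field order is an assumption about that file's format), and reports three kinds of finding: an IP whose current holder is not the leased or reserved MAC, an IP that was never handed out by DHCP at all, and an IP seen with more than one MAC (the flip-flop). The lease excerpt, the reservation table and the arp.dat lines are all constructed sample data in the 192.0.2.0/24 documentation range.

```python
"""Cross-check observed MAC/IP pairs against ISC dhcpd leases.

Added example for the DHCP Security Questions thread; not code from the
thread, from arpwatch or from ISC dhcpd. All inputs below are constructed.
"""
import re
from collections import defaultdict

# Constructed excerpt in ISC dhcpd.leases syntax. The .12 lease is
# released ("binding state free") and must not count as an allowed pair.
SAMPLE_LEASES = """\
lease 192.0.2.10 {
  starts 2 2002/05/14 10:00:00;
  ends 2 2002/05/14 22:00:00;
  binding state active;
  hardware ethernet 00:11:22:33:44:55;
  client-hostname "laptop1";
}
lease 192.0.2.11 {
  starts 2 2002/05/14 10:05:00;
  ends 2 2002/05/14 22:05:00;
  binding state active;
  hardware ethernet 00:11:22:33:44:66;
}
lease 192.0.2.12 {
  starts 2 2002/05/13 10:05:00;
  ends 2 2002/05/13 22:05:00;
  binding state free;
  hardware ethernet 00:11:22:33:44:77;
}
"""

# Static reservations. In a real dhcpd these are "host" blocks in
# dhcpd.conf, not in the leases file; constructed here for the example.
RESERVATIONS = {
    "192.0.2.2": "00:aa:bb:cc:dd:01",  # e.g. the MD's laptop from the thread
}

# Constructed arpwatch-style arp.dat. Assumed field order:
# mac, ip, unix timestamp, optional hostname. Line 4 is a second MAC
# claiming the reserved .2 address; line 5 is a self-assigned address.
SAMPLE_ARP_DAT = """\
00:11:22:33:44:55\t192.0.2.10\t1021376400\tlaptop1
00:11:22:33:44:66\t192.0.2.11\t1021376460
00:aa:bb:cc:dd:01\t192.0.2.2\t1021376000\tmd-laptop
de:ad:be:ef:00:01\t192.0.2.2\t1021376500
ca:fe:ca:fe:00:02\t192.0.2.50\t1021376520
"""

LEASE_RE = re.compile(r"lease\s+(\S+)\s*\{(.*?)\}", re.S)


def parse_leases(text):
    """Return {ip: mac} for leases that are currently active.

    Leases without a 'binding state' line (older dhcpd versions) are
    treated as active; 'free', 'expired', 'released' etc. are skipped.
    """
    leases = {}
    for ip, body in LEASE_RE.findall(text):
        state = re.search(r"binding state\s+(\w+);", body)
        if state and state.group(1) != "active":
            continue
        mac = re.search(r"hardware ethernet\s+([0-9A-Fa-f:]+);", body)
        if mac:
            leases[ip] = mac.group(1).lower()
    return leases


def parse_arp_dat(text):
    """Return [(mac, ip), ...] from arpwatch-style arp.dat lines."""
    pairs = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) >= 2:
            pairs.append((fields[0].lower(), fields[1]))
    return pairs


def audit(observed, leases, reservations):
    """Compare observed (mac, ip) pairs with what DHCP says is allowed.

    Returns a list of (kind, ip, detail) tuples:
      mac-mismatch  IP is leased/reserved to a different MAC
      unknown-ip    IP was never handed out by DHCP (self-assigned)
      flip-flop     IP seen with more than one MAC in this sample
    """
    allowed = dict(leases)
    allowed.update(reservations)  # reservations win over dynamic leases
    findings = []
    macs_per_ip = defaultdict(set)
    for mac, ip in observed:
        macs_per_ip[ip].add(mac)
        expected = allowed.get(ip)
        if expected is None:
            findings.append(("unknown-ip", ip, mac))
        elif expected != mac:
            findings.append(("mac-mismatch", ip, mac))
    for ip, macs in macs_per_ip.items():
        if len(macs) > 1:
            findings.append(("flip-flop", ip, ",".join(sorted(macs))))
    return findings


if __name__ == "__main__":
    leases = parse_leases(SAMPLE_LEASES)
    for kind, ip, detail in audit(parse_arp_dat(SAMPLE_ARP_DAT), leases, RESERVATIONS):
        print(f"{kind:13} {ip:15} {detail}")
```

As Richard says, this detects rather than prevents: a user who can set their own IP can usually set their own MAC too, so a matching pair is only evidence that nothing is wrong, not proof. Feeding the switch's SNMP address table in place of arp.dat would add the port number to each finding, which is what you need before you can shut a port or move it to a quarantine VLAN.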