Actually this is what i did for the past weeks at the office of my client. At the end of the day, we created a public area where the network points are "enabled" when needed and "disabled" when not needed. The moment we discovered an unauthorise use of the DCHP to obtain IP, we read his/her MAC and disabled it at the router. At least at this stage this users are not smart enough to know the MAC can be modified.
I was thinking if there was a service which could pick and choose MAC addresses, it would have been great. Anyway, i guess i still have to tell this "service" who is the bad MAC and who is the GOOD MAC. Cheers Gill -----Original Message----- From: Jimmy Sansi [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 03, 2002 3:06 AM To: [EMAIL PROTECTED]; [EMAIL PROTECTED] Subject: RE: Preventing DHCP from allocating IPs Not being able to distinguish between a valid client or not from a network perspective makes it pretty hard. You can easily stop this accross the board (with a router, etc). It may be a bit more of a hassle but if you know the valid clients MAC address ahead of time you could filter out that way as well. However its not foolproof against a malicious person intent on gaining access. In regards to wireless, outside from the above I have seen implementations that use a VPN connection that must be established before you can access any network resources. -Jimmy -----Original Message----- From: Sarbjit Singh Gill [mailto:[EMAIL PROTECTED]] Sent: Monday, December 02, 2002 10:46 AM To: [EMAIL PROTECTED] Subject: Preventing DHCP from allocating IPs Greetings all, How do i prevent a client from getting an IP from my DHCP in an Ethernet network. I know i could reserve IPs for all other clients and nobody gets an IP unless reserved earlier, but i have hundreds of clients. I frequently have visitors who need to plug in their laptops into the network and i have visitors who are not allowed to plug in their laptops into the network and get IPs. I do not want these visitors who are not allowed to access the network to get an IP and start accessing internet through my network. What about in a wireless environment. How do i prevent it in a similar capacity. Kind Regards Gill
