Why not use this but modify it slightly assign the pool of addresses to the interface and remove them as their are provided to a client, when the lease runs out re alias it to the interface, not guarantee of knowing when machine releases its ip address.
A On Wed, Oct 27, 2004 at 05:30:55PM +1000, David Kempe wrote: > Howard Lowndes wrote: > > >If you are running a DHCP server on a network and have a block of IP > >addresses which you make available, how can you stop a (reasonably) > >knowledgeable luser from explicitly grabbing an address from that block > >by explicitly configuring their box with that address, thus preventing > >that IP address from being recorded in the leases, and hence you not > >immediately knowing that that box has been attached to the network. > > > > My suggestion would be to run some sort of proxy arp setup. > If a box on your network is running a proxyarp setup like the one with > shorewall - when windows users go to change their ip address, the > windows box will arp and check to see if that address is in use. > Proxyarp will accept the response and the windows box gets confused and > gives the user "this ip is already in use" error. Nicely frustrating. > Not sure if my explanation is correct, but I have been able to duplicate > this behavior with recent versions of shorewall, kernel 2.4.27 and > windows 2000 and xp. > > Its not the same as mac level filtering :) and its a serious hack, but > might be helpful... > > dave > -- > SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/ > Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html >
signature.asc
Description: Digital signature
-- SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/ Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html
