[ale] DHCP server and linux and exclusion of MAC addresses
Michael H. Warfield
mhw at wittsend.com
Tue Nov 16 12:16:17 EST 1999
On Tue, Nov 16, 1999 at 07:11:05AM -0800, cfowler at aimgroup.com wrote:
> I have a machine that is DHCP'ing off my RH 6.0 machine. I do not want it to do
> that because it does not belong to our company but is on our switch. These are
> Intel 550/510 switches. Level 3. Maybe I can prevent it by assigning a VLAN to
> his port. Or I could exclude his MAC in the dhcpd.conf file. Any help would be
> greatly appreciated.
If you really want to be nasty (and I would) grab his MAC address
out of the dhcp leases file and assign him a static address out in lala
land somewhere (like 10.255.255.254) and give him 127.0.0.1 as his default
gateway. If it's a Windblows box, make sure his Netbios nameserver is
also assigned to 127.0.0.1. Then it's up to him to figure out why he's
broken and how to fix it.

Note, you may have to play some games like adding an alias interface
for 10.255.255.x to get dhcp to recognize the static address allocation.

So much for my BOFH evil tip of the week. :-)

BTW... Just out of perverse curiosity, you say it does not belong
to your company but is on your SWITCH!?!?! That means he has access to your
company's network, switch or no switch, VLAN or no VLAN. VLANs can be
bypassed - do NOT rely on them for security! If he wants in to do damage,
he can still hijack a static IP (ping around, you'll find one) and then can
do you dirt.

My real solution would be a firewall - FAST! Do it with proxy-arp
or with bridging and you can drop it in right in the path from the switch
and isolate anything you want.
> Chris
Mike
--
Michael H. Warfield | (770) 985-6132 | mhw at WittsEnd.com
(The Mad Wizard) | (770) 331-2437 | http://www.wittsend.com/mhw/
NIC whois: MHW9 | An optimist believes we live in the best of all
PGP Key: 0xDF1DD471 | possible worlds. A pessimist is sure of it!
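
Added example (not part of the original message or of either poster's setup): one way to do the "exclude his MAC in the dhcpd.conf file" option from the question, by pulling the client's current MAC out of the leases file and emitting an ISC dhcpd `host` declaration with `deny booting`. The lease entries, addresses, MACs and the `unwanted-client` label are constructed for illustration.

```python
import re

# Constructed sample of a dhcpd.leases file (addresses and MACs are made up).
# dhcpd appends to this file, so the same IP can appear more than once and
# the last entry is the current one.
SAMPLE_LEASES = '''
lease 192.168.1.50 {
  starts 2 1999/11/16 14:02:11;
  ends 2 1999/11/16 20:02:11;
  hardware ethernet 00:a0:c9:12:34:56;
  client-hostname "visitor-pc";
}
lease 192.168.1.51 {
  starts 2 1999/11/16 14:10:00;
  ends 2 1999/11/16 20:10:00;
  hardware ethernet 00:10:4b:aa:bb:cc;
}
lease 192.168.1.50 {
  starts 2 1999/11/16 15:00:00;
  ends 2 1999/11/16 21:00:00;
  hardware ethernet 00:A0:C9:12:34:57;
  client-hostname "visitor-pc";
}
'''

LEASE_RE = re.compile(r'lease\s+(\d+\.\d+\.\d+\.\d+)\s*\{(.*?)\n\}', re.S)
MAC_RE = re.compile(r'hardware\s+ethernet\s+([0-9a-fA-F:]{17})\s*;')

def macs_by_ip(leases_text):
    """Map each leased IP to the MAC in its most recent lease entry."""
    current = {}
    for ip, body in LEASE_RE.findall(leases_text):
        m = MAC_RE.search(body)
        if m:
            current[ip] = m.group(1).lower()  # later entries overwrite earlier
    return current

def deny_host_block(label, mac):
    """Build a dhcpd.conf host declaration that refuses this MAC a lease."""
    if not re.fullmatch(r'[0-9a-f]{2}(:[0-9a-f]{2}){5}', mac):
        raise ValueError('not an Ethernet MAC: %r' % mac)
    return ('host %s {\n  hardware ethernet %s;\n  deny booting;\n}\n'
            % (label, mac))

if __name__ == '__main__':
    mac = macs_by_ip(SAMPLE_LEASES)['192.168.1.50']
    print(deny_host_block('unwanted-client', mac))
```

As the message above points out, this only stops the DHCP server from answering that MAC; it does not keep a machine on the switch from configuring an address by hand.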