[ale] DHCP server and linux and exclusion of MAC addresses

Michael H. Warfield mhw at wittsend.com
Tue Nov 16 15:16:24 EST 1999


On Wed, Nov 17, 1999 at 01:23:41PM -0500, jj at spiderentertainment.com wrote:
> "Michael H. Warfield" wrote:
> > On Tue, Nov 16, 1999 at 07:11:05AM -0800, cfowler at aimgroup.com wrote:
> > > I have a machine that is DHCP'ing off my RH 6.0 machine.  I do not want it to do
> > > that because it does not belong to our company but is on our switch.  These are
> > > Intel 550/510 switches.  Level 3.  Maybe I can prevent it by assigning a VLAN to
> > > his port.  Or I could exclude his MAC in the dhcpd.conf file.  Any help would be
> > > greatly appreciated.

> >         If you really want to be nasty (and I would) grab his MAC address
> > out of the dhcp leases file and assign him a static address out in lala
> > land somewhere (like 10.255.255.254) and give him 127.0.0.1 as his default
> > gateway.  If it's a Windblows box, make sure his Netbios nameserver is
> > also assigned to 127.0.0.1.  Then it's up to him to figure out why he's
> > broken and how to fix it.

> Heh, that's funny, but if he/she figured out how to DHCP off his server ..... they
> might figure out quite quickly.

	You don't need to figure anything out to use a DHCP server.  If
you pop a NIC card into a Windows 98 box, it will do it all for you.  You
won't even realize it's happening, you'll just simply find out that you
are up and running on the net like magic!  Just like Microsoft did it for
you (not realizing that you are using a non-Microsoft resource to do it).
You don't have to know its address or anything about it, it just all
happens.

> Make sure you look at the IRDP, I have a source code somewhere for this... but if it is
> a m$, you can change their default routes add routes, etc.. let me know if ya want the
> source code.

	This I would find interesting...  :-)

> >         My real solution would be a firewall - FAST!  Do it with proxy-arp
> > or with bridging and you can drop it in right in the path from the switch
> > and isolate anything you want.

> This is a serious risk. From what Michael describes, it sounds more like a colo. In
> regards he might not do too much damage, but he can run webservers and stuff on
> Michael's bill. More tho, another switch and a router will be sufficient, firewall is
> an option (unless you got the money it can be slow when high volume hits), but the
> real solution is separate switches and a router.

> Michael ..... Just address this issue asap. I experience a lot of attacks and I hate
> when my beeper goes off at 4am ... 30 min after I went to REM sleep.

> Marek

	Mike
-- 
 Michael H. Warfield    |  (770) 985-6132   |  mhw at WittsEnd.com
  (The Mad Wizard)      |  (770) 331-2437   |  http://www.wittsend.com/mhw/
  NIC whois:  MHW9      |  An optimist believes we live in the best of all
 PGP Key: 0xDF1DD471    |  possible worlds.  A pessimist is sure of it!
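
The option raised in the original question (pulling the MAC out of the leases file and excluding it in dhcpd.conf) can be scripted. The following is an added example, not code from anyone in this thread: it assumes the ISC dhcpd lease file layout and ISC dhcpd's `deny booting` host statement, and every MAC address, IP address and hostname in it is constructed sample data.

```python
import re

# Constructed sample in ISC dhcpd.leases layout (addresses from documentation ranges).
SAMPLE_LEASES = """
lease 192.0.2.10 {
  starts 2 1999/11/16 14:00:00;
  hardware ethernet 00:00:5e:00:53:01;
  client-hostname "acct-ws1";
}
lease 192.0.2.11 {
  starts 2 1999/11/16 14:05:00;
  hardware ethernet 00:00:5E:00:53:7F;
  client-hostname "visitor";
}
lease 192.0.2.12 {
  starts 2 1999/11/16 15:00:00;
}
"""

LEASE_RE = re.compile(r"lease\s+(\d+\.\d+\.\d+\.\d+)\s*\{(.*?)\}", re.S)
MAC_RE = re.compile(r"hardware\s+ethernet\s+([0-9a-fA-F:]{17})\s*;")
NAME_RE = re.compile(r'client-hostname\s+"([^"]*)"\s*;')

def parse_leases(text):
    """Return {mac: (ip, hostname)}; a later entry for a MAC replaces an earlier one."""
    seen = {}
    for ip, body in LEASE_RE.findall(text):
        mac = MAC_RE.search(body)
        if not mac:
            continue  # lease entry with no hardware address recorded
        name = NAME_RE.search(body)
        seen[mac.group(1).lower()] = (ip, name.group(1) if name else "")
    return seen

def unknown_clients(text, known_macs):
    """Clients that hold a lease but are not in the site's inventory of MACs."""
    known = {m.lower() for m in known_macs}
    return {m: v for m, v in parse_leases(text).items() if m not in known}

def deny_stanzas(unknown):
    """Build dhcpd.conf host blocks that refuse service to each unknown MAC."""
    out = []
    for i, (mac, (ip, name)) in enumerate(sorted(unknown.items()), 1):
        # The hostname is client-supplied, so repr() keeps it on one comment line.
        out.append(f"# last seen at {ip} hostname={name!r}\n"
                   f"host blocked-{i} {{\n  hardware ethernet {mac};\n  deny booting;\n}}")
    return "\n".join(out)

if __name__ == "__main__":
    print(deny_stanzas(unknown_clients(SAMPLE_LEASES, ["00:00:5E:00:53:01"])))
```

A MAC address is trivially changed by the client, so this only keeps an uninvited machine off the DHCP pool; the port isolation discussed above is what actually separates it from the network.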
