Re: DHCP Mac address
From: M. Maas (mark_at_menem.mine.nu)
Date: 12/13/04
- Previous message: Jon Dowland: "Re: X.org <-----> Xfree [SOLVED]"
- In reply to: Jochen Schulz: "Re: DHCP Mac address"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Date: Mon, 13 Dec 2004 20:10:57 +0100 To: Debian User <debian-user@lists.debian.org>
Jochen Schulz wrote:
>
> Yes, I think every DHCP server allows that. If you're not too familiar
> with these things, I suggest you use dnsmasq which primarily is a DNS
> server (as the name suggests), but it can also act as a DHCP server.
> This makes it possible to do DNS resolution for DHCP clients (even
> with dynamical IPs) very easy.
Well I already used bind9 and DHCP for quite some time now. Always
been very pleased with both.
And using BIND makes it easy to share the administration burden with
other sys admins, since BIND is the standard. Or at least the most used.
And making DHCP3 add the hostnames/ip addresses to BIND is not that
hard, and already setup.
>
> To answer your question for dnsmasq (at least partly): just comment out
> the option "read- ethers) in the example configuration and create a
> hosts style file named /etc/ethers. See 'man 5 ethers' for an example.
> This will give the same IPs to clients with a specific MAC address.
>
> As some others already have noted, MAC filtering for security reasons is
> almost useless. It is very easy to spoof a MAC address if someone is
> already able to sniff some traffic (WEP encryption in wireless LANs
> doesn't help very much against that, too).
Ah so true!
MAC address security is just as good as no security, but security as
to whom get's access to the wired lan (we have no Wireless LAN.) is
already taken care of in other way's.
I just want to make sure that people who bring in laptops of there
own do not get access to the Internet or even to the LAN at all.
And even if they know how to get around it, they will at least know
that they are doing something they are not supposed to do.
Plus I check the logs reguraly, the access attempt together with the
socket number will tell me how probably tried some mischief.
The way i'm doing it now is adding a new accepted computer like this:
host name {
hardware ethernet 00:00:00:00:00:e1
}
etc.
It works, but is administrator heavy. Which is why I wanted to know
if those hardware addresses can be added to a file, which I can tell
write a cgi script for to update via special IT pages on our Intranet.
If I want to do such a thing now, i'd have to recreate the actual
dhcp3 config file (DANGEROUS) everytime via such a CGI script. And
then even restarting the DHCP server...
Thanks again, for thingking with me!
-- Make everything as simple as possible, Not any simpler though.
-- To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
- Previous message: Jon Dowland: "Re: X.org <-----> Xfree [SOLVED]"
- In reply to: Jochen Schulz: "Re: DHCP Mac address"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Relevant Pages
|
|
