Re: security of IP address

From: prg (rdgentry1_at_cablelynx.com)
Date: 05/01/05 

Date: 1 May 2005 12:54:39 -0700

Greenhorn wrote:
> hi there
> if we use DHCP for assigning addresses for network interfaces, does
> the router ...

Initial DHCP requests are broadcast frames, so they are not forwarded
by a router. This is why a DHCP server or relay agent must reside on
each IP subnet to service requests.

> ... verify all the messages and see if the packets have proper
> IP - MAC combination, ...

Well, the requesting machine doesn't have anything to distinguish it
except the MAC address -- it doesn't have an IP yet.

> ... is it an optional feature in todays routers. Does
> the relevant RFC state anything about it.
> If not the router, is there any other entity who performs this check

The dhcpd server can be set up to offer IPs based on "valid" MACs, ie.,
only give out IPs to MACs you've indicated in the configuration.
Configuration details depend on your server.

Without pre-configuring clients with an assigned client-indentifier the
MAC is really all you have to work with initially. Thus, clients would
have to "register" their MAC address in order to acquire a lease. This
can be done "in person" or by using an "enrollment" scheme for "first
time" network users similar to the way many college campuses do it
(since students bring in their own hardware with unknowable MACs and
in-person registering is out of the question). Your own hardware MACs
are available to you once you collect them.

The approach you take will depend on your environment/setup and just
what your concerns are. Desktops offer easier/different options as
opposed to laptops, especially laptops of guests/visitors.

hth,
prg
email above disabled

Relevant Pages

  • Re: static IP addresses on LAN
    ... One Mac is an intel iMac, ... it is connected to the network and internet... ... If I instead configure it to use DHCP, then it gets assigned the wrong IP ... The other possibility is that you have more than 1 router. ...
    (comp.sys.mac.system)
  • Re: iPAQ 4350 not resolving names with DNS
    ... My focus would be back on the dhcp... ... second router is configured as a passive switch) ip number pool. ... It is clear, however, from connect time and Mac ... Secondary DNS Server: 204.101.251.2 ...
    (microsoft.public.pocketpc)
  • Re: Static IP outside of router DHCP range
    ... This would avoid the need for DHCP entirely, ... server IP statically will at least avoid the problem of the clients ... DHCP from the router, you could turn it off in the router and use static ... So I have no way to either reserve IP addresses based on Mac addresses, ...
    (alt.comp.hardware.pc-homebuilt)
  • Re: Buffalo router disupts internet connection on lease renewal
    ... is requesting the renewal. ... (Client tries to reopen old connection to DHCP server) ... MAC address of the ISP's router or any machine connected to the ...
    (alt.internet.wireless)
  • Re: DHCP server on 2003 - Trying to assign an IP out of scope?
    ... Unfortunately (or maybe fortunately, since the firmware on my router was updated a few months ago), the MAC address in question is a PC, not the router as it was in his case. ... Everyone but the server uses DHCP ...
    (microsoft.public.windows.server.sbs)