Re: DHCP and secondaries
Christopher Davis <chr+@andrew.cmu.edu> Fri, 17 May 1996 17:25 UTC
Received: from ietf.cnri.reston.va.us by IETF.CNRI.Reston.VA.US id aa19536;
17 May 96 13:25 EDT
Received: from CNRI.Reston.VA.US by IETF.CNRI.Reston.VA.US id aa19530;
17 May 96 13:25 EDT
Received: from reef.bucknell.edu by CNRI.Reston.VA.US id aa12199;
17 May 96 13:25 EDT
Received: from localhost by reef.bucknell.edu with SMTP
(5.65/IDA-1.2.8) id AA17357; Fri, 17 May 1996 12:29:23 -0400
Date: Fri, 17 May 1996 12:29:23 -0400
Message-Id: <Mlb9sg600iV1A1KYwG@andrew.cmu.edu>
Errors-To: droms@bucknell.edu
Reply-To: dhcp-v4@bucknell.edu
Originator: dhcp-v4@bucknell.edu
X-Orig-Sender: dhcp-v4@bucknell.edu
Precedence: bulk
Sender: ietf-archive-request@IETF.CNRI.Reston.VA.US
From: Christopher Davis <chr+@andrew.cmu.edu>
To: Multiple recipients of list <dhcp-v4@bucknell.edu>
Subject: Re: DHCP and secondaries
X-Listprocessor-Version: 6.0c -- ListProcessor by Anastasios Kotsikonas
X-Comment: Discussion of DHCP for IPv4
Excerpts from netdev.dhcp-v4: 17-May-96 Re: DHCP and secondaries by "Edie E. Gunter"@watson. > > I would like to require that the > > users of our dhcp service register the hardware addresses > > of their NIC cards before the server allows the client to > > be services from either an automatic or dynamic pool. > > I'd be curious to know why. The authentication proposal > you mention allows clients to be assured that the DHCP > responses are from legitimate servers. However, if a > server refuses to serve a particular client, that client > can still commandeer an IP address that the server "owns." > If a rogue client has physical access to the lan, there's > really no way to prevent it from claiming addresses from > either one of your address pools. (Oh, perhaps with a sniffer > or similar tool you can detect the rogue and on TR send it > KILL frames or some such. There's also been talk > about how to manage this problem with internal fire walls, > but those are all ways to react to the problem, not how > to prevent it.) He's referring to dhcp servers serving ip addresses to legitimate clients. Not the reverse. The idea is, I only serve addresses to machines that I know about. If you don't have that many dynamic ip's availible, you don't want to hand ip's to just anyone. Here at CMU, when creating the dhcp server, this was one of our first requirments. Chris Davis Network Development Carnegie Mellon University
- DHCP and secondaries Tim Peiffer
- Re: DHCP and secondaries Ted Lemon
- Re: DHCP and secondaries Erikas Aras Napjus
- Re: DHCP and secondaries David M. Meyer 503/346-1747
- Re: DHCP and secondaries John Miezitis
- Re: DHCP and secondaries Tim Peiffer
- Re: DHCP and secondaries Tim Peiffer
- Re: DHCP and secondaries Sam Wilson
- Re: DHCP and secondaries Ted Lemon
- Re: DHCP and secondaries Mike Carney - Sun BOS Software
- Re: DHCP and secondaries Erikas Aras Napjus
- Re: DHCP and secondaries Michael J. Lewis
- Re: DHCP and secondaries Richard Letts
- Re: DHCP and secondaries Christopher Davis
- Re: DHCP and secondaries Christopher Davis
- Re: DHCP and secondaries Richard Letts
- Re: DHCP and secondaries William Rippon
- Re: DHCP and secondaries Richard Letts
- Re: DHCP and secondaries John Miezitis
- Re: DHCP and secondaries William Rippon
- Re: DHCP and secondaries Edie E. Gunter
- Re: DHCP and secondaries Christopher Davis
- Re: DHCP and secondaries Mike Carney - Sun BOS Software
- Re: DHCP and secondaries Christopher Sulentic
- Re: DHCP and secondaries Zuwei liu