Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com

Neohapsis > Archives > NFR Wizards> 1998

NFR Wizards Archive: Re: Proxy 2.0 secure?

Re: Proxy 2.0 secure?

John McDermott (jjmjkintl.com)
Wed, 1 Jul 98 08:36:57

Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Next message: Stout, Bill: "Embedded security software"
Previous message: Darren Reed: "Re: ICMP problems with Firewall-1 (long)"

--- On Tue, 30 Jun 1998 04:52:40 -1000 (HST) NetSurfer
<netsurfsersol.com> wrote:

>
>On Mon, 29 Jun 1998, Brian Steele wrote:
>
>>I don't know who you are quoting (I forget the orig poster, sorry), but
my
>>problem with dynamic DHCP is less with the dynamic-ness than the short
>>leases. The issue is that if the leases are short (e.g. less than a few
>>weeks even), it is virtually impossible to track down a misbehaving
system
>>because it is difficult to map between MAC and IP addresses. This problem
>>can be alleviated with long leases: I suggest a year or so.
>
>Also remember that MS DHCP automatically gives the lease renewal the same
>IP address unless the address is no longer available. So long as the
>address has not been given out to a different workstation (which should
>only happen if the node had been down long enough for a new w/s to get the
>IP) or had not been reserved (manually) the MAC <=> IP should behave
>statically regardless of having a short lease.

Clearly. The issue is that many (most?) folks who use dynamic DHCP with
short leases do so because the number of machines is larger than the pool
of free addresses. This leads to the problem I noted.

Even though one can sift through logs to find the owner of an address at a
given time, I still prefer really long leases or static addresses.

>
>--
>James D. Wilson
>netsurfsersol.com
>
>"non sunt multiplicanda entia praeter necessitatem"
> William of Ockham (1285-1347/49)
>

--john

-----------------End of Original Message-----------------

-------------------------------------
Name: John McDermott
VOICE: 505/377-6293 FAX 505/377-6313
E-mail: John McDermott <jjmjkintl.com>
Writer and Computer Consultant
-------------------------------------

Next message: Stout, Bill: "Embedded security software"
Previous message: Darren Reed: "Re: ICMP problems with Firewall-1 (long)"

This archive was generated by hypermail 2.0b3 on Sat Jul 17 1999 - 07:11:31 CDT