OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
NFR Wizards Archives: Using DHCP (was RE: IP Spoofing)

Using DHCP (was RE: IP Spoofing)


Anton J Aylward (antonthe-wire.com)
Sat, 2 Oct 1999 09:54:34 -0400


Neither DNS not DHCP is a cure for spoofing, and can themselves be
spoofed as well ;-( But they are key tools and properly configured can
support the evidence of logs in tracing problems and intrusions.

Some sites want accountability, that is a deterministic identification of
an IP address with a host. This can be strength or weakness, in my
opinion, and I've always favoured it when possible. But I'd like to know
what other think.

DHCP has improved, in that it can now integrate with DNS, which was always
my greatest complaint about it. Like DNS it can be strapped down, binding
MAC addresses to IP addresses. Of course relayers confuse this somewhat.
(Just as proxy ARP on some firewalls can)

which of course interact with hardware (e.g. switching hubs) and network
layout. I'd like to know what other people have found effective and what
problems there may be. Can those in the know guide the rest of us away
from the jagged rocks of this kind of implementation?

Anton Aylward
System Integrity
ajasi.on.ca



This archive was generated by hypermail 2.0b3 on Sat Oct 02 1999 - 19:18:25 CDT