Ashley M. Kirchner wrote: > > While I realize DHCPd isn't a security program of any kind, this does > have to do with it. So I just switched our entire network over to DHCP > assigned IPs in preparation for another project. But in doing that, > I've come to realize that anyone could plug in their machine and > manually set their IP address and by-pass the DHCP discovery all > together. And thus also gaining access to our internal network, > something we might not necassarily want to allow. So the question now > is, is there some way to restrict traffic to only those assigned IPs > (through DHCP) and block anything else that happens to show up on the > network? Maybe through iptables somehow? FWIW, I feel the only truly secure way to do this is to use managed switches.
