-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 10/09/2007 06:49 PM, Ed Greshko wrote: > Ashley M. Kirchner wrote: >> While I realize DHCPd isn't a security program of any kind, this does >> have to do with it. So I just switched our entire network over to DHCP >> assigned IPs in preparation for another project. But in doing that, >> I've come to realize that anyone could plug in their machine and >> manually set their IP address and by-pass the DHCP discovery all >> together. And thus also gaining access to our internal network, >> something we might not necassarily want to allow. So the question now >> is, is there some way to restrict traffic to only those assigned IPs >> (through DHCP) and block anything else that happens to show up on the >> network? Maybe through iptables somehow? > > FWIW, I feel the only truly secure way to do this is to use managed switches. > I've been on university systems that use a hotel-like system. On the first connection on port 80 to any address, one is directed to an authentication page. All access is blocked to any address on all ports until that authentication is given. - -- Steve -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (GNU/Linux) Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org iD8DBQFHDBfpeERILVgMyvARAqEtAJ45OFblzAXb9xmn0ZZoj10OY+GU6QCfRvsK fpS4uNoJtTC1KH8yvWffFak= =0Cr/ -----END PGP SIGNATURE-----