Re: [Fedora] Re: DHCP security

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Somebody in the thread at some point said:

>    The DHCP server is configured to only service known MAC addresses,
> however this won't stop an unknown MAC from getting onto the network
> with an available IP already configured.  DHCP server won't know about
> it and thus won't do anything about it.  So to me, this is something
> beyond what the DHCP server itself can do (or should do).  That's what
> I'm looking for, some way to block everything else that may pop up, that
> did not use the DHCP server to get an IP to begin with.

Little-known thing, wpa_supplicant can work with wired networks too
(-Dwired).  If everyone on the network has to know the WPA encryption
passphrase to even talk that is going to cause trouble for MAC-fondlers
and other scoundrels.

You use hostap on one box for the others to authenticate against, a sort
of wired "access point".

Of course, it doesn't necessarily help much if mortal users (or they are
root themselves) can read /etc/wpa_supplicant/wpa_supplicant.conf and
see your keys...

-Andy


[Index of Archives]     [Current Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Yosemite News]     [Yosemite Photos]     [KDE Users]     [Fedora Tools]     [Fedora Docs]

  Powered by Linux