DHCP Authentication

Marco Amadori amadorim at vdavda.com
Mon Jun 30 12:31:08 UTC 2008


On Monday 30 June 2008, 14:11:04, Randall C Grimshaw wrote:
>> I would like to ask about authentication since I have not yet found in the
>> documentation or Google how to let this software handle DHCP authentication
>> of clients and servers.

>> (My use case is that I have an untrusted network environment in which
>> clients need to receive only the DHCP services from correct servers, not
>> possible rogue DHCP, and in which servers must give addresses only to
>> authorized clients).

> I suspect that you may be stuck with processes like 'dhcp snooping' to help
> prevent rogue servers and the use of 'known client' groupings a.k.a. 'deny
> unknown' to permit only registered machines to acquire addresses. Other
> similar techniques are 802.1x or other smart relay approach. DHCP itself is
> one of the vulnerable layer two protocols.

Yes, but DHCP snooping requires control of switches, which in my case is not
available. My great problem is authentication of the DHCP server, since just
classing with pattern matching from ISC DHCP v3 could be sufficient for
authorizing clients.

>> Something like RFC 3118 [0] or any pre exchanged key mechanism will be
>> great.

There is no way to check for a key for both clients and/or servers?

-- 
ESC:wq
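
For reference, the receiver-side check under RFC 3118 delayed authentication (protocol 1, HMAC-MD5), the pre-exchanged-key mechanism named in the message above, for a message that carries a MAC such as a DHCPOFFER. This is an added illustration, not part of the original post and not ISC DHCP code; the function names, the key table and the sample values are assumptions, and option overload is not handled.

```python
import hashlib, hmac, struct

MAGIC = bytes([99, 130, 83, 99])       # DHCP magic cookie at message offset 236
AUTH, MAC_OFF, AUTH_LEN = 90, 15, 31   # option code; MAC offset in value; value length

def find_auth(msg):
    """Return the offset of option 90's value, or None if absent or malformed."""
    if len(msg) < 240 or msg[236:240] != MAGIC:
        return None
    i = 240
    while i + 1 < len(msg) and msg[i] != 255:    # 255 = end option
        if msg[i] == 0:                          # pad option has no length byte
            i += 1
            continue
        code, length = msg[i], msg[i + 1]
        if i + 2 + length > len(msg):
            return None                          # truncated option
        if code == AUTH:
            return i + 2 if length == AUTH_LEN else None
        i += 2 + length
    return None

def _mac(key, msg, off):
    """HMAC-MD5 over the message with hops, giaddr and the MAC field zeroed."""
    m = bytearray(msg)
    m[3] = 0                                     # hops: relay agents may change it
    m[24:28] = bytes(4)                          # giaddr: relay agents may change it
    m[off + MAC_OFF:off + AUTH_LEN] = bytes(16)
    return hmac.new(key, bytes(m), hashlib.md5).digest()

def sign(msg_without_end, key, secret_id, counter):
    """Append option 90 and the end option (hypothetical helper for the sample)."""
    value = struct.pack("!BBBQI", 1, 1, 0, counter, secret_id) + bytes(16)
    msg = msg_without_end + bytes([AUTH, AUTH_LEN]) + value + b"\xff"
    off = len(msg_without_end) + 2
    return msg[:off + MAC_OFF] + _mac(key, msg, off) + b"\xff"

def verify(msg, keys, last_counter):
    """True only for a known secret ID, a fresh counter and a matching MAC."""
    off = find_auth(msg)
    if off is None:
        return False                             # unauthenticated: treat as untrusted
    proto, alg, rdm, counter, secret_id = struct.unpack_from("!BBBQI", msg, off)
    if (proto, alg, rdm) != (1, 1, 0) or secret_id not in keys:
        return False
    if counter <= last_counter:                  # replay detection (RDM 0)
        return False
    received = msg[off + MAC_OFF:off + AUTH_LEN]
    return hmac.compare_digest(_mac(keys[secret_id], msg, off), received)
```

Both ends must hold the same secret under the same secret ID before the exchange starts, and the receiver has to remember the highest counter it has accepted per peer.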
