newbies questions

Oskar Berggren oskar.berggren at gmail.com
Fri Oct 18 15:07:01 UTC 2013


2013/10/18 Pol Hallen <dhcpml at fuckaround.org>


> 3) last question :-) after dhcp assigns me an IP, if I change that IP and
> put the same IP as the gateway, can I crack the whole network? How do I
> disallow this situation?
>

Ethernet was not originally designed for an environment where clients are
untrusted or outside your control. For this reason many different
additional technologies have been created, some relevant to this scenario
are ARP Spoofing protection, DHCP Snooping and IP Source Guard (which can
be auto-configured by DHCP Snooping) (this might be Cisco's term, perhaps
they are called something different by other manufacturers). These are
features employed in the access switches. Other solutions involve putting
each client on their own vlan (either a regular 802.1q vlan, or some sort
of "private vlan" or vlan-in-vlan, which some switches feature as a way to
conserve vlan-identifiers). These typically require a more advanced setup
on the router though.

/Oskar
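
The following is an added example, not part of the original message: a simplified Python model of how an access switch with DHCP Snooping builds a per-port binding and how IP Source Guard / ARP spoofing protection uses it to drop frames from a client that switches to the gateway's address. The class, port names, MACs and addresses are constructed for illustration; real switches also track VLAN and lease time.

```python
from dataclasses import dataclass, field

@dataclass
class AccessSwitch:
    trusted_ports: set                              # ports facing the DHCP server/router
    bindings: dict = field(default_factory=dict)    # port -> (client MAC, leased IP)

    def on_dhcp_ack(self, ingress_port, client_port, client_mac, leased_ip):
        """DHCP Snooping: accept server replies only from trusted ports and
        record the lease against the client's port."""
        if ingress_port not in self.trusted_ports:
            return "drop"                           # server reply from an untrusted port
        self.bindings[client_port] = (client_mac, leased_ip)
        return "forward"

    def on_client_frame(self, port, src_mac, src_ip):
        """IP Source Guard / ARP spoofing protection: the source (or ARP sender)
        MAC and IP must equal the binding learned for this port."""
        if port in self.trusted_ports:
            return "forward"
        return "forward" if self.bindings.get(port) == (src_mac, src_ip) else "drop"


def run_scenario():
    # All ports, MACs and addresses below are constructed sample values.
    gateway_ip = "192.0.2.1"
    client_mac = "02:00:00:00:00:50"
    sw = AccessSwitch(trusted_ports={"uplink"})
    return {
        # No lease yet, so no binding: traffic from the port is dropped.
        "before_lease": sw.on_client_frame("port5", client_mac, "192.0.2.50"),
        "ack_from_uplink": sw.on_dhcp_ack("uplink", "port5", client_mac, "192.0.2.50"),
        "leased_ip": sw.on_client_frame("port5", client_mac, "192.0.2.50"),
        # Client reconfigures itself with the gateway's IP: binding mismatch.
        "gateway_ip": sw.on_client_frame("port5", client_mac, gateway_ip),
        # A DHCP ACK arriving on a client port cannot rewrite the binding.
        "ack_from_client_port": sw.on_dhcp_ack("port6", "port5", client_mac, gateway_ip),
        "binding_unchanged": sw.bindings["port5"] == (client_mac, "192.0.2.50"),
    }


if __name__ == "__main__":
    for step, result in run_scenario().items():
        print(f"{step}: {result}")
```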