DHCP - control using MAC

[Carlos]

Hi,

How do you block "DHCP" from assigning IP address for unknown connection ?
We have many visitors or vendors that might come to our office and sometime
they plug into our network.

There was an incident where a notebook was infected with Blaster worm, and
it spread to our network. I know as a policy we can "prohibit" outsiders
from plugging their notebook to our network.

As a "network" controller, is it possible to configure no IP address to be
assigned for unknown notebooks ?

Configure the MAC in DHCP server ? Will this have any contraints other than
administration ? Will it create more traffic in the network in term of
packet broadcast ?

Thanks

 

[NuT CrAcKeR]

its a burdeon, but you can statically assign IP's to all your computers that
use DHCP by creating a "reservation". this is mapped to the MAC address of a
particular client. Then, when an outsider plugs in, they wont get an IP
because there isnt a reservation that maps to thier MAC address.

Conversely, you can create another IPRange for visitors to use, and use a
very strict firewall rule that says then can only do 80, 53, 443, 143, 25,
IPSec, and IM out to the internet. Then if there are any cross-infections,
they are only infecting eachother ;-)

visitors shouldnt need to get to your network resources... they should only
need to get to the resources of in internet for email, etc... from thier own
mothership...

NuTs