
DHCP Relays and Scanning for Rogue Mac Addresses

Archived from groups: comp.security.firewalls (More info?)

 

I have client machines on a protected subnet behind a firewall, and a DHCP
server on a separate protected subnet. I need to relay the DHCP client
requests from one subnet to the other, and for security reasons I don't want
a DHCP relay application running on the firewall. What is the easiest way
to build a DHCP relay that would allow a configuration like:

client on subnet A <----> dhcp relay on subnet A <----> firewall <---->
dhcp relay on subnet B <----> dhcp server

What software supports that configuration?

In our application I need to use a Microsoft Active Directory domain
controller for the DHCP server because it is integrated to Microsoft DNS
and reverse lookups are automatically maintained. Unless there are
very strong reasons for it, a DHCP relay is preferred to a DHCP server.
Some additional features that would be really nice to have:

- Ability to scan for any DHCP request from an unrecognized Mac address,
which would then trigger alerts to either/both syslog and e-mail.

- Ability to scan all ARP requests on the network looking for unrecognized
Mac addresses, the presence of which would trigger alerts.

I want to make it very difficult for a rogue device to get installed on our
network without our having immediate visibility on the fact.

If anyone has other ideas on features we should be looking for in either a
DHCP relay or Mac Address scanner, please feel free to add those.

If the above is available as a commercial device, I would appreciate
references to the vendor's product page as well.

--
Will
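
The first feature requested above, alerting on DHCP requests from unrecognized MAC addresses, as an added Python example that is not part of the original post: it parses a DHCP payload and returns an alert line that a caller could send to syslog or e-mail. The allowlist, the sample MAC addresses, the `rogue-dhcp` alert text and all function names are assumptions made for this illustration.

```python
import struct

MAGIC_COOKIE = b"\x63\x82\x53\x63"          # marks the start of DHCP options
CLIENT_TYPES = {1: "DISCOVER", 3: "REQUEST", 8: "INFORM"}
KNOWN_MACS = {"00:11:22:33:44:55"}          # constructed allowlist (assumption), lowercase


def parse_dhcp(payload):
    """Return (mac, message_type, giaddr) for a client DHCP message, else None."""
    if len(payload) < 240 or payload[236:240] != MAGIC_COOKIE:
        return None                          # truncated, or BOOTP without options
    op, htype, hlen = payload[0], payload[1], payload[2]
    if op != 1 or htype != 1 or hlen != 6:
        return None                          # keep only Ethernet client requests
    giaddr = ".".join(str(b) for b in payload[24:28])   # relay agent address
    mac = ":".join(f"{b:02x}" for b in payload[28:34])  # chaddr, first 6 bytes
    msg_type, i = None, 240
    while i < len(payload):
        code = payload[i]
        if code == 255:                      # end option
            break
        if code == 0:                        # pad option has no length byte
            i += 1
            continue
        if i + 1 >= len(payload) or i + 2 + payload[i + 1] > len(payload):
            return None                      # option runs past the packet
        length = payload[i + 1]
        if code == 53 and length == 1:       # option 53: DHCP message type
            msg_type = payload[i + 2]
        i += 2 + length
    return mac, msg_type, giaddr


def check_packet(payload, known=KNOWN_MACS):
    """Return an alert line for a client request from an unknown MAC, else None."""
    parsed = parse_dhcp(payload)
    if parsed is None:
        return None
    mac, msg_type, giaddr = parsed
    if msg_type not in CLIENT_TYPES or mac in known:
        return None
    return f"rogue-dhcp: {CLIENT_TYPES[msg_type]} from unrecognized MAC {mac} giaddr={giaddr}"


def build_sample(mac, msg_type, giaddr=bytes(4)):
    """Build a constructed DHCP payload for the demonstration."""
    fixed = struct.pack("!BBBBIHH4s4s4s4s16s64s128s", 1, 1, 6, 0, 0x1234, 0, 0,
                        bytes(4), bytes(4), bytes(4), giaddr, mac, b"", b"")
    return fixed + MAGIC_COOKIE + bytes([53, 1, msg_type, 255])
```

`chaddr` is a client-supplied field, so this check gives visibility into unregistered addresses rather than proof of device identity. A non-zero `giaddr` in the alert shows which relay forwarded the request.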


Archived from groups: comp.security.firewalls (More info?)

 

Please crosspost when appropriate. This message also appeared in
comp.unix.bsd.openbsd.misc, and probably others.


Archived from groups: comp.security.firewalls (More info?)

 

It was not appropriate to crosspost in this case, and I made that decision
because the OpenBSD post asks for an OpenBSD product only.

The post to firewalls asks for any solution, not specific to any flavor of
UNIX.

--
Will

"Joachim Schipper" <jDOTschipper@math.uu.nl> wrote in message
news:4338ff31$0$76657$dbd4f001@news.wanadoo.nl...
> Please crosspost when appropriate. This message also appeared in
> comp.unix.bsd.openbsd.misc, and probably others.
