DHCP Relays and Scanning for Rogue Mac Addresses




Archived from groups: comp.security.firewalls

 

I have client machines on a protected subnet behind a firewall, and a DHCP
server on a separate protected subnet. I need to relay the DHCP client
requests from one subnet to the other, and for security reasons I don't want
a DHCP relay application running on the firewall. What is the easiest way
to build a DHCP relay that would allow a configuration like:

client on subnet A <----> dhcp relay on subnet A <----> firewall <---->
dhcp relay on subnet B <----> dhcp server

What software supports that configuration?

In our application I need to use a Microsoft Active Directory domain
controller for the DHCP server because it is integrated to Microsoft DNS
and reverse lookups are automatically maintained. Unless there are
very strong reasons for it, a DHCP relay is preferred to a DHCP server.
Some additional features that would be really nice to have:

- Ability to scan for any DHCP request from an unrecognized Mac address,
which would then trigger alerts to either/both syslog and e-mail.

- Ability to scan all ARP requests on the network looking for unrecognized
Mac addresses, the presence of which would trigger alerts.

I want to make it very difficult for a rogue device to get installed on our
network without our having immediate visibility on the fact.

If anyone has other ideas on features we should be looking for in either a
DHCP relay or Mac Address scanner, please feel free to add those.

If the above is available as a commercial device, I would appreciate
references to the vendor's product page as well.

--
Will
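
An added example, not part of the original thread: one way to implement the first wish-list item above, flagging DHCP client messages from unrecognized MAC addresses and reporting which relay forwarded them. The function names, the allowlist, the relay address and the sample packets are all constructed for illustration.

```python
import ipaddress
import struct

MAGIC_COOKIE = b"\x63\x82\x53\x63"          # RFC 2131 marker before the options
MSG_TYPES = {1: "DISCOVER", 3: "REQUEST"}   # client messages worth checking

def parse_dhcp(payload: bytes):
    """Return (message_type, client_mac, giaddr) from a DHCP UDP payload."""
    if len(payload) < 240 or payload[236:240] != MAGIC_COOKIE:
        raise ValueError("not a DHCP message")
    if payload[0:3] != b"\x01\x01\x06":     # BOOTREQUEST, Ethernet, 6-byte MAC
        raise ValueError("not an Ethernet client request")
    giaddr = str(ipaddress.IPv4Address(payload[24:28]))  # filled in by the relay
    mac = payload[28:34].hex(":")           # first 6 bytes of chaddr
    msg_type, i = None, 240
    while i < len(payload) and payload[i] != 255:        # 255 = end option
        if payload[i] == 0:                 # 0 = pad, has no length byte
            i += 1
            continue
        if i + 1 >= len(payload):
            raise ValueError("truncated option")
        code, length = payload[i], payload[i + 1]
        value = payload[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError("truncated option")
        if code == 53 and length == 1:      # option 53 = DHCP message type
            msg_type = value[0]
        i += 2 + length
    return msg_type, mac, giaddr

def check_dhcp(payload: bytes, known_macs: set):
    """Return an alert line for an unrecognized client MAC, else None."""
    msg_type, mac, giaddr = parse_dhcp(payload)
    if msg_type not in MSG_TYPES or mac in known_macs:
        return None
    return f"ALERT unknown MAC {mac} sent DHCP{MSG_TYPES[msg_type]} via relay {giaddr}"

def sample_packet(mac: str, msg_type: int, giaddr: str) -> bytes:
    """Constructed test input: a minimal relayed client message."""
    hdr = struct.pack("!BBBBIHH", 1, 1, 6, 1, 0x1234, 0, 0)
    addrs = bytes(12) + ipaddress.IPv4Address(giaddr).packed  # ciaddr..giaddr
    chaddr = bytes.fromhex(mac.replace(":", "")).ljust(16, b"\0")
    return hdr + addrs + chaddr + bytes(192) + MAGIC_COOKIE + bytes([53, 1, msg_type, 255])

if __name__ == "__main__":
    known = {"00:11:22:33:44:55"}           # constructed allowlist
    for m in ("00:11:22:33:44:55", "de:ad:be:ef:00:01"):
        print(check_dhcp(sample_packet(m, 1, "10.0.1.2"), known))
```

The returned line can be handed to syslog or a mailer as-is. An allowlist of this kind catches devices with unknown addresses only; a device presenting a copied, known MAC address passes the check.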


 

Please crosspost when appropriate. This message also appeared in
comp.unix.bsd.openbsd.misc, and probably others.


 

It was not appropriate to crosspost in this case, and I made that decision
because the OpenBSD post asks for an OpenBSD product only.

The post to firewalls asks for any solution, not specific to any flavor of
UNIX.

--
Will

"Joachim Schipper" <jDOTschipper@math.uu.nl> wrote in message
news:4338ff31$0$76657$dbd4f001@news.wanadoo.nl...
> Please crosspost when appropriate. This message also appeared in
> comp.unix.bsd.openbsd.misc, and probably others.

