Sign in with
Sign up | Sign in
Your question

DHCP Relays and Scanning for Rogue Mac Addresses

Last response: in Networking
Share
Anonymous
September 26, 2005 2:34:28 PM

Archived from groups: comp.security.firewalls (More info?)

I have client machines on a protected subnet behind a firewall, and a DHCP
server on a separate protected subnet. I need to relay the DHCP client
requests from one subnet to the other, and for security reasons I don't want
a DHCP relay application running on the firewall. What is the easiest way
to build a DHCP relay that would allow a configuration like:

client on subnet A <----> dhcp relay on subnet A <----> firewall <---->
dhcp relay on subnet B <----> dhcp server

What software supports that configuration?

In our application I need to use a Microsoft Active Driectory domain
controller for the DHCP server because it is integrated to Microsoft DNS
and reverse lookups are automatically maintained. Unless there are
very strong reasons for it, a DHCP relay is preferred to a DHCP server.
Some additional features that would be really nice to have:

- Ability to scan for any DHCP request from an unrecognized Mac address,
which would then trigger alerts to either/both syslog and e-mail.

- Ability to scan all ARP requests on the network looking for unrecognized
Mac addresses, the presence of which would trigger alerts.

I want to make it very difficult for a rogue device to get installed on our
network without our having immediate visibility on the fact.

If anyone has other ideas on features we should be looking for in either a
DHCP relay or Mac Address scanner, please feel free to add those.

If the above is available as a commercial device, I would appreciate
references to the vendor's product page as well.

--
Will
Anonymous
September 27, 2005 12:13:37 PM

Archived from groups: comp.security.firewalls (More info?)

Please crosspost when appropriate. This message also appeared in
comp.unix.bsd.openbsd.misc, and probably others.
Anonymous
September 27, 2005 6:18:31 PM

Archived from groups: comp.security.firewalls (More info?)

It was not appropriate to crosspost in this case, and I made that decision
because the OpenBSD post asks for an OpenBSD product only.

The post to firewalls asks for any solution, not specific to any flavor of
UNIX.

--
Will

"Joachim Schipper" <jDOTschipper@math.uu.nl> wrote in message
news:4338ff31$0$76657$dbd4f001@news.wanadoo.nl...
> Please crosspost when appropriate. This message also appeared in
> comp.unix.bsd.openbsd.misc, and probably others.
Related resources
!