Mailinglist Archive: opensuse-security (685 mails)

[Oyku Gencay <oykug@xxxxxxxxxx>]

Actually I want to prevent two things. Since the installation is done at 
a collage the users are not considered trustworty.
Considering two users A and B with notebooks with ethernet addresses 
MAC1, MAC2. Each
Scenario 1:
When user A is not online, user B changes his/her IP to A's IP and tries 
to hack in. The logs will show that hte user A has tried to do so.
Scenario 2:
User B tries to disconnect and annoy user A by statically setting his IP 
to user A's assigned IP. Since the dhcpd server tries to give depending 
on the MAC address, the user A will never get connected.

Isn't this a nice problem :)

Peter Poeml wrote:
> On Mon, Feb 18, 2002 at 06:16:13PM +0200, Oyku Gencay wrote:
>
> > Hi,
> >
> > I wonder if any of you has faced such a problem. We have deployed a DHCP
> > server and users with their notebooks get their IP from DHCP depending
> > on the MAC address of the ethernets. However, I could not find any way
> > to determine that each users will get their assigned IP if they set up
> > their IP statically for their W2K. To work this around I'm thinking to
> > deploy identd on every client and periodically check against arping
> > sweep to verifiy MAC addresses with users. Does anyone have a suggestion?
>
> What do you want to achieve? 
> Adresses being used twice?
> (Many DHCP servers try a ping on IP address before giving out a lease,
> and many clients do the same, they check via ARP whether the IP address
> is not in use by some other host.)
>
> Or do you want to prevent people from using addresses they are not
> supposed to use?
>
> Unfortunately, there is no way to enforce an IP, not even the usage of
> DHCP on a client. 
>
> DHCP allows for authentication, but AFAIK so far noone hs implemented
> it. 
>
> I would run arpwatch. 
>
> Peter