2 Jan
2005
2 Jan
'05
18:05
Hi! We have dhcp-logs. But the dhcp-log shows just the local ip, while the (maybe attacked) server will only see the gateways external ip. So we would have to log ALL connections made from ANY client on the gateway, so that we could see the local addresses. This is not possible because of privacy concerns. So we need a way allowing the gateway to tell the server the original ip (or hostname or registred user) of the machine (in a hoshed format) if necessary. The only mechanism for that is afaik identd. CU Lars. Dana Hudes:
identd isn't encrypted and isn't reliable it is easily spoofed. DHCP logs would be more reliable...