Actually I want to prevent two things. Since the installation is done at a collage the users are not considered trustworty. Considering two users A and B with notebooks with ethernet addresses MAC1, MAC2. Each Scenario 1: When user A is not online, user B changes his/her IP to A's IP and tries to hack in. The logs will show that hte user A has tried to do so. Scenario 2: User B tries to disconnect and annoy user A by statically setting his IP to user A's assigned IP. Since the dhcpd server tries to give depending on the MAC address, the user A will never get connected. Isn't this a nice problem :) Peter Poeml wrote:
On Mon, Feb 18, 2002 at 06:16:13PM +0200, Oyku Gencay wrote:
Hi,
I wonder if any of you has faced such a problem. We have deployed a DHCP server and users with their notebooks get their IP from DHCP depending on the MAC address of the ethernets. However, I could not find any way to determine that each users will get their assigned IP if they set up their IP statically for their W2K. To work this around I'm thinking to deploy identd on every client and periodically check against arping sweep to verifiy MAC addresses with users. Does anyone have a suggestion?
What do you want to achieve? Adresses being used twice? (Many DHCP servers try a ping on IP address before giving out a lease, and many clients do the same, they check via ARP whether the IP address is not in use by some other host.)
Or do you want to prevent people from using addresses they are not supposed to use?
Unfortunately, there is no way to enforce an IP, not even the usage of DHCP on a client.
DHCP allows for authentication, but AFAIK so far noone hs implemented it.
I would run arpwatch.
Peter