From: Richard Wackerbarth
To: Tomaz Borstnar
Cc: freebsd-net@FreeBSD.ORG
Subject: Re: enforcing DHCP usage
Date: Sun, 23 Apr 2000 11:44:07 -0500
Message-Id: <00042311440700.14566@nomad.dataplex.net>
In-Reply-To: <4.3.1.2.20000423174128.035fd280@193.189.189.100>

On Sun, 23 Apr 2000, Tomaz Borstnar wrote:
> Anyone know a solution where one can enforce usage of DHCP ie. nobody will
> be able to communicate outside its physical ethernet if it doesn't acquire
> proper address via DHCP server. There are some possible kludges where a
> script would check DHCP leases and block traffic for all but properly
> leased addresses

Fundamentally, that is all that you can do.

Remember that the purpose of DHCP is to assist a machine in getting configuration information. It is not an enforcement mechanism.

Any host can attempt to use ANY IP address and there is nothing technical that you can do to stop it. Your only leverage is either "administrative edict" ( ... or else you're fired ) or some filter that refuses to accept unauthorized packets. Even in the latter case, you will have a lot of trouble and expense distinguishing between someone "squatting" on an IP address and the one who is using it properly.
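The lease-checking filter discussed in this message, sketched as an added example that is not part of the original thread or any poster's code: it reads ISC dhcpd.leases-style entries and emits ipfw rules for the router that admit only currently leased source addresses. The sample leases, the interface name fxp0 and the rule numbers are assumptions made for illustration.

```python
import re
from datetime import datetime, timezone

# Constructed sample (not from the thread), condensed to one lease per line.
SAMPLE_LEASES = """\
lease 192.168.1.10 { ends 0 2000/04/23 17:00:00; hardware ethernet 00:a0:c9:11:22:33; }
lease 192.168.1.11 { ends 0 2000/04/23 12:00:00; hardware ethernet 00:a0:c9:44:55:66; }
lease 192.168.1.12 { ends 0 2000/04/23 17:30:00; hardware ethernet 00:a0:c9:77:88:99; }
lease 192.168.1.12 { ends 0 2000/04/23 16:00:00; hardware ethernet 00:a0:c9:77:88:99; }
"""

LEASE_RE = re.compile(r"lease\s+(\d+\.\d+\.\d+\.\d+)\s*\{(.*?)\}", re.S)
ENDS_RE = re.compile(r"ends\s+\d+\s+(\d{4}/\d\d/\d\d \d\d:\d\d:\d\d);")
MAC_RE = re.compile(r"hardware ethernet\s+([0-9a-f:]{17});", re.I)


def active_leases(text, now):
    """Return {ip: mac} for leases still valid at `now` (lease times are UTC)."""
    latest = {}
    for ip, body in LEASE_RE.findall(text):
        latest[ip] = body  # the file is an append-only log: the last entry wins
    active = {}
    for ip, body in latest.items():
        ends, mac = ENDS_RE.search(body), MAC_RE.search(body)
        if not ends or not mac:
            continue  # fail closed on entries this sketch cannot interpret
        expiry = datetime.strptime(ends.group(1), "%Y/%m/%d %H:%M:%S")
        if expiry.replace(tzinfo=timezone.utc) > now:
            active[ip] = mac.group(1).lower()  # MAC kept for audit logs only
    return active


def ipfw_rules(leases, iface="fxp0", base=1000):
    """Allow DHCP itself and leased sources; deny the rest arriving on iface."""
    # Clients without an address must still reach the DHCP server or relay.
    rules = [f"ipfw add {base} allow udp from any 68 to any 67 in via {iface}"]
    for i, ip in enumerate(sorted(leases), start=1):
        rules.append(f"ipfw add {base + i} allow ip from {ip} to any in via {iface}")
    last = base + len(leases) + 1
    rules.append(f"ipfw add {last} deny ip from any to any in via {iface}")
    return rules


if __name__ == "__main__":
    now = datetime(2000, 4, 23, 16, 44, tzinfo=timezone.utc)  # constructed clock
    print("\n".join(ipfw_rules(active_leases(SAMPLE_LEASES, now))))
```

The rules key on source IP only, so a host that configures itself with an address currently leased to another machine still passes, which is the limitation the reply points out.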