Deny DHCP leases from computers that are not allowed in my company


  • Deny DHCP leases from computers that are not allowed in my company

    Hi

    I am looking for a strategy to deny leases from the DHCP server to computers that are not allowed in my company. I found a DLL that can block MAC addresses with a blacklist or whitelist, but this solution only runs when the DHCP service starts.

    I would like to find a solution with scripting (if it's possible), like a daemon. This script would read all the logs from the DHCP server to find computers that are not allowed in my company.

    Does anyone know of a solution like this?


    I think a nice solution would be to create a new class ID in the DHCP server to assign IP addresses from a different VLAN to computers that are not in my company's domain.

    Thanks for your time, and sorry for my poor English.
    Best Regards
    Alex Casanova

  • #2
    Re: Deny DHCP leases from computers that are not allowed in my company

    Windows 2008 Server introduces NAP, which may be what you are looking for. You could perhaps set up managed switches.



    • #3
      Re: Deny DHCP leases from computers that are not allowed in my company

      Originally posted by alexbogus
      Hi

      I am looking for a strategy to deny leases from the DHCP server to computers that are not allowed in my company. I found a DLL that can block MAC addresses with a blacklist or whitelist, but this solution only runs when the DHCP service starts.

      I would like to find a solution with scripting (if it's possible), like a daemon. This script would read all the logs from the DHCP server to find computers that are not allowed in my company.

      Does anyone know of a solution like this?


      I think a nice solution would be to create a new class ID in the DHCP server to assign IP addresses from a different VLAN to computers that are not in my company's domain.

      Thanks for your time, and sorry for my poor English.
      Best Regards
      Alex Casanova
      Hi,

      I am not sure what you mean by "This solution only works when DHCP service starts."
      I am assuming you mean this DLL, as you've commented on the blog as well.

      If you mean non-authorised clients that have already leased an address, you could use the DLL in question and reduce the lease time to, let's say, 10 mins to force the clients to request a new lease. That way I would've thought the MAC filtering DLL should kick into action and check if the MAC address is allowed or not.

      On a side note, this doesn't protect you against MAC spoofing attacks, so other security measures should be considered to compensate for DHCP's relaxed security nature.

      Ta
      Caesar's cipher - 3

      ZKHQ BRX HYHQWXDOOB GHFLSKHU WKLV BRX ZLOO UHDOLVH LW ZDV D ZDVWH RI WLPH!

      SFX JNRS FC U6 MNGR
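
The log-reading script asked about in the first post could look like the following. This is an added example, not code from any poster in this thread: it scans a DHCP Server audit log for leases granted or renewed to MAC addresses that are not on an allowlist. Assumptions: the comma-separated audit log layout (ID, Date, Time, Description, IP Address, Host Name, MAC Address) with event IDs 10 (new lease) and 11 (renew); the sample log, the allowlist and the function names are constructed for illustration. As post #3 notes, the MAC is whatever the client sent, so a spoofed approved address will not be flagged.

```python
import csv
import io
import re

# Constructed sample in the layout of a Windows DHCP Server audit log
# (DhcpSrvLog-*.log): ID,Date,Time,Description,IP Address,Host Name,MAC Address
SAMPLE_LOG = """\
ID,Date,Time,Description,IP Address,Host Name,MAC Address
00,05/12/09,08:00:01,Started,,,,
10,05/12/09,09:15:02,Assign,192.168.1.50,PC-ACCT-01.corp.example,001A2B3C4D5E,
11,05/12/09,09:45:10,Renew,192.168.1.50,PC-ACCT-01.corp.example,001A2B3C4D5E,
10,05/12/09,10:02:33,Assign,192.168.1.77,visitor-laptop,00-50-56-AB-CD-EF,
11,05/12/09,10:12:40,Renew,192.168.1.77,visitor-laptop,005056ABCDEF,
"""

LEASE_EVENTS = {"10", "11"}  # assumed event IDs: 10 = new lease, 11 = renewed


def normalize_mac(raw):
    """Return 12 uppercase hex digits, or None if the field is not a MAC."""
    mac = re.sub(r"[-:.\s]", "", raw).upper()
    return mac if re.fullmatch(r"[0-9A-F]{12}", mac) else None


def find_unauthorized(log_text, allowed_macs):
    """Return one record per unapproved MAC that obtained or renewed a lease."""
    allowed = {normalize_mac(m) for m in allowed_macs}
    seen = {}
    for row in csv.reader(io.StringIO(log_text)):
        # Skip the header block, service events and short or malformed rows.
        if len(row) < 7 or row[0].strip() not in LEASE_EVENTS:
            continue
        mac = normalize_mac(row[6])
        if mac is None or mac in allowed:
            continue
        rec = seen.setdefault(mac, {"mac": mac, "events": 0,
                                    "first_seen": f"{row[1]} {row[2]}"})
        rec["events"] += 1
        rec["ip"], rec["host"] = row[4], row[5]  # keep the latest values
    return list(seen.values())


if __name__ == "__main__":
    # Hypothetical allowlist holding one approved workstation.
    for hit in find_unauthorized(SAMPLE_LOG, ["00:1A:2B:3C:4D:5E"]):
        print(hit)
```

Run on a schedule against the current day's audit log, the returned records can feed an alert or a deny list.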
