Re: DHCP server – static only


Re: DHCP server – static only

I would agree that having a DHCP-based quasi-static IP setup beats manually configuring each node, but:

teiger;282141 wrote:
3) In “normal” situations, only authorised endpoints connect to your network – assuming no-one applies a sniffer and spoofs MAC addresses.

All a person would need to do to bypass this “security” measure, is to manually configure an IP address on his/her system.

Filtering by IP addresses only ever works if you’re filtering traffic on a network basis (allow/disallow entire networks), and you control the router and can prevent spoofing. It also kinda works for routable IP addresses, but the lack of egress filtering by most ISPs means IP addresses can be successfully blind-spoofed on many networks.