Re: mac address filtering - blocking dhcp intruder

paulnigel · ‎06-11-2006

for those dhcp enable port, what is the best way to block intruder from grabbing addresses. Is META IP safe DHCP a solution?

jlimbo · ‎06-11-2006

Hi Paul,

I just want to clarify your query. From your post you mention that you want to block intruders from grabbing dhcp addresses using your IPS is that correct?

paulnigel · ‎06-11-2006

Hi jlimbo,

I am not sure I am in the right place or not. no not the IPS. just the cisco switches. I want to prevent unauthorized people from plugging into any network point to grab DHCP addresses inorder to gain network access.

besides limiting access using mac address on the switches, is there any other solution. Is Meta IP safe DHCP a solution?

jlimbo · ‎06-12-2006

This question is better suited for general security rather than the IPS/IDS Forum.

To answer your question, NAC appliance sounds like a solution you may be interested in:

http://www.cisco.com/en/US/customer/products/ps6128/index.html

If you have further question please direct them to Security General Forum please.

I hope that helped.

-jonathan

paulnigel · ‎06-12-2006

thanks Jonathan,

I will go to the general forum.

vladrac-ccna · ‎06-15-2006

Hello Paul,

Maybe filtering udp on port 67 and 68 on the interfaces connected to the hosts will help you.

As it would filter dhcp request and replies.

what kind of switch are you using?

HTH,

if it does please rate this post.

Vlad

darin.marais · ‎06-15-2006

FYR,

http://www.cisco.com/en/US/products/hw/switches/ps708/products_configuration_guide_chapter09186a0080435791.html