Configuring DHCP Relays and Scanning for Rogue MAC Addresses

From: Will (DELETE_westes_at_earthbroadcast.com)
Date: 09/26/05


Date: Mon, 26 Sep 2005 10:30:20 -0700

I have client machines on a protected subnet behind a firewall, and a DHCP
server on a separate protected subnet. I need to relay the DHCP client
requests from one subnet to the other, and for security reasons I don't want
a DHCP relay application running on the firewall. Does OpenBSD support a
DHCP relay that would allow a configuration like:

    client on subnet A <----> dhcp relay on subnet A <----> firewall <----> dhcp relay on subnet B <----> dhcp server

What software supports that configuration?

Some additional features that would be really nice to have:

- Ability to scan for any DHCP request from an unrecognized MAC address,
which would then trigger alerts to either/both syslog and e-mail.

- Ability to scan all ARP requests on the network looking for unrecognized
MAC addresses, the presence of which would trigger alerts.

I want to make it very difficult for a rogue device to get installed on our
network without our having immediate visibility on the fact.

If anyone has other ideas on features we should be looking for in either a
DHCP relay or MAC address scanner, please feel free to add those.

If the above is available as a commercial device, I would appreciate
references to the vendor's product page as well.

-- 
Will
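
Added example, not part of the original post: a minimal sketch of the first requested feature, checking the client hardware address of DHCP requests against an allowlist. It reads `chaddr` from the BOOTP header (RFC 2131 layout) rather than the frame's source MAC, because in the relayed topology above the server side sees the relay's address on the wire. `KNOWN_MACS`, the function names and the sample packets are assumptions constructed for illustration.

```python
import socket
import struct

KNOWN_MACS = {"00:11:22:33:44:55"}          # constructed allowlist
MAGIC_COOKIE = b"\x63\x82\x53\x63"           # marks the start of DHCP options
MSG_TYPES = {1: "DISCOVER", 3: "REQUEST", 8: "INFORM"}

def parse_dhcp(payload):
    """Return (mac, msg_type, giaddr) for an Ethernet BOOTREQUEST, else None."""
    if len(payload) < 240 or payload[236:240] != MAGIC_COOKIE:
        return None
    op, htype, hlen = payload[0], payload[1], payload[2]
    if (op, htype, hlen) != (1, 1, 6):       # client request, Ethernet, 6-byte MAC
        return None
    giaddr = socket.inet_ntoa(payload[24:28])  # non-zero once a relay has forwarded it
    mac = ":".join(f"{b:02x}" for b in payload[28:34])  # chaddr survives relaying
    msg_type, i = None, 240
    while i < len(payload) and payload[i] != 255:   # 255 = end option
        if payload[i] == 0:                  # pad option has no length byte
            i += 1
            continue
        if i + 1 >= len(payload):            # truncated option: keep what we have
            break
        length = payload[i + 1]
        data = payload[i + 2:i + 2 + length]
        if payload[i] == 53 and length == 1 and len(data) == 1:
            msg_type = data[0]               # option 53 = DHCP message type
        i += 2 + length
    return mac, msg_type, giaddr

def check_request(payload, known=KNOWN_MACS):
    """Return an alert string for a request from an unlisted MAC, else None."""
    parsed = parse_dhcp(payload)
    if parsed is None or parsed[0] in known:
        return None
    mac, msg_type, giaddr = parsed
    name = MSG_TYPES.get(msg_type, "UNKNOWN")
    return f"unrecognized MAC {mac} sent DHCP{name} (giaddr {giaddr})"

def build_sample(mac, msg_type, giaddr="0.0.0.0"):
    """Build a constructed DHCP request payload for testing (not captured traffic)."""
    pkt = struct.pack("!BBBBIHH", 1, 1, 6, 0, 0x1234, 0, 0)
    pkt += bytes(12) + socket.inet_aton(giaddr)            # ciaddr, yiaddr, siaddr, giaddr
    pkt += bytes.fromhex(mac.replace(":", "")) + bytes(10)  # chaddr padded to 16 bytes
    pkt += bytes(192)                                       # sname + file
    return pkt + MAGIC_COOKIE + bytes([53, 1, msg_type, 255])
```

Each non-None result from `check_request` can be passed to `syslog.syslog()` or a mail sender. `chaddr` is supplied by the client, so a match against the allowlist shows only that a known address was claimed, not which device claimed it.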

