Hello Andreas:
If you are relying on DHCP to block internet access, I think your
restriction can be breached very easily. One just needs to snoop network
traffic for sometime in order to get the DHCP settings your server is
transmitting, and then configure them statically on their computer. Once
this is done, the rogue windows client can easily "register" the lease
with the server (by switching to automatic configuration mode) and
sending in its settings to the server.
Now assuming that each W2K user is only using a single system to access
the internet, you can set up internet access based on user authenticaion
instead of system authentication. A good idea would be to implement some
form of proxy http that will serve all the windows clients on your domain.
Delegate is an easily configurable and popular choice that can be hooked
up to have authenticate your users with the W2K PDC before allowing them
access to the internet.
Balaji
Hello,
On Thursday 19 August 2004 16:58, Brian Gehrke wrote:
I am running a W2K domain, using DHCP. Is it possible to block
non-domain computers from getting an IP address from the DHCP server,
so
they will not be able to access the Internet through the network.
is dhcp by mac address (which of course can easily be spoofed)
an option?
regards,
andreas
------------------------------------------------------------------------
---
Computer Forensics Training at the InfoSec Institute. All of our class
sizes
are guaranteed to be 12 students or less to facilitate one-on-one
interaction with one of our expert instructors. Gain the in-demand
skills of
a certified computer examiner, learn to recover trace data left behind
by
fraud, theft, and cybercrime perpetrators. Discover the source of
computer
crime and abuse so that it never happens again.
http://www.infosecinstitute.com/courses/computer_forensics_training.html
------------------------------------------------------------------------
----
---------------------------------------------------------------------------
Computer Forensics Training at the InfoSec Institute. All of our class
sizes
are guaranteed to be 12 students or less to facilitate one-on-one
interaction with one of our expert instructors. Gain the in-demand
skills of
a certified computer examiner, learn to recover trace data left behind by
fraud, theft, and cybercrime perpetrators. Discover the source of
computer
crime and abuse so that it never happens again.
http://www.infosecinstitute.com/courses/computer_forensics_training.html
----------------------------------------------------------------------------
--
Using M2, Opera's revolutionary e-mail client: http://www.opera.com/m2/
---------------------------------------------------------------------------
Computer Forensics Training at the InfoSec Institute. All of our class sizes
are guaranteed to be 12 students or less to facilitate one-on-one
interaction with one of our expert instructors. Gain the in-demand skills of
a certified computer examiner, learn to recover trace data left behind by
fraud, theft, and cybercrime perpetrators. Discover the source of computer
crime and abuse so that it never happens again.
http://www.infosecinstitute.com/courses/computer_forensics_training.html
----------------------------------------------------------------------------
