[Dshield] How can I restrict only authorized computer receiving theIP address from DHCP Server?

Kenneth Porter shiva at sewingwitch.com
Wed Aug 27 11:02:30 GMT 2003


--On Tuesday, August 26, 2003 12:18 PM -0700 Davin Petersen 
<davinp at ncstek.com> wrote:

> You can do manual reservations, but that ties a MAC to an IP.
>
> This does take much of the flexibility out of DHCP though.

You do need some way to identify which hosts are "authorized", and the MAC 
address is usually the only thing available.

Win2k DHCP can be scripted with netsh, and I think you can also access it 
through some API, so you could code something up that manages the 
reservations programmatically. For instance, grant IP addresses in a 
special netblock that only has access to a private web server. A new host 
has to prove it's "authorized" in some way to this web server, which adds 
it to a DB and then scripts a reservation to the DHCP server. It then 
informs the host's user to issue a release/renew sequence to get the new 
reservation.




More information about the list mailing list