[unisog] DHCP Address Reuse Questions

Gary Flynn flynngn at jmu.edu
Wed Oct 12 15:56:17 GMT 2005


Hi,

I've got some questions on how DHCP dynamic addresses
are assigned in practice. First, some background:

We're planning on implementing a default deny inbound
Internet access policy. We plan on letting faculty and
staff expose their computers on demand and letting
our current access controls provide a security floor
no lower than the current stance. The idea being that
the majority of people would not choose to expose
their computers and 65,000+ ports to the Internet
thereby decreasing overall risk.

Production servers would obviously have static
addresses.

We're concerned about informal or temporary servers
that rely on DHCP services for dynamic addresses.
If someone chooses to expose their IP address and it
changes, their server becomes unavailable and someone
else possibly gets exposed (but only to the level
they are currently exposed).

We're using the ISC server with a one day lease time.

Does anyone have any operational data or statistics
or could point me to such information that shows how
often and under what circumstances a client would get
a different address when their lease has expired?

Is there anything we can do in the ISC configuration
that can better encourage reuse?

thanks,

-- 
Gary Flynn
Security Engineer
James Madison University
www.jmu.edu/computing/security
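
Added example, not part of the original post: one way to gather the operational data asked about above is to replay the ISC server's own dhcpd.leases history and count how often a client (by MAC) comes back with a different address, and whether an address opened for one client was ever held by another. The sample entries, the function names and the "exposed" mapping are constructed for illustration; it assumes the default UTC "starts" timestamp format.

```python
import re
from collections import defaultdict

# Constructed sample in ISC dhcpd.leases syntax, condensed to one entry per line
# (the real file spreads each entry over several lines; the regex handles both).
SAMPLE = """
lease 192.0.2.10 { starts 2 2005/10/11 08:00:00; hardware ethernet 00:00:5e:00:53:01; }
lease 192.0.2.11 { starts 2 2005/10/11 09:00:00; hardware ethernet 00:00:5e:00:53:02; }
lease 192.0.2.10 { starts 3 2005/10/12 08:00:00; hardware ethernet 00:00:5e:00:53:01; }
lease 192.0.2.11 { starts 4 2005/10/13 10:00:00; hardware ethernet 00:00:5e:00:53:03; }
lease 192.0.2.12 { starts 4 2005/10/13 11:00:00; hardware ethernet 00:00:5e:00:53:02; }
"""

LEASE_RE = re.compile(r"lease\s+(\S+)\s*\{(.*?)\}", re.S)
STARTS_RE = re.compile(r"starts\s+\d+\s+(\d{4}/\d\d/\d\d \d\d:\d\d:\d\d);")
MAC_RE = re.compile(r"hardware ethernet\s+([0-9a-fA-F:]+);")

def parse_leases(text):
    """Return (start, ip, mac) tuples sorted by start time."""
    out = []
    for ip, body in LEASE_RE.findall(text):
        start, mac = STARTS_RE.search(body), MAC_RE.search(body)
        if start and mac:  # skip entries that carry no client or start time
            out.append((start.group(1), ip, mac.group(1).lower()))
    return sorted(out)  # fixed-width timestamps sort chronologically

def address_changes(leases):
    """Per MAC: list of (when, old_ip, new_ip) where the client got a new address."""
    last, changes = {}, defaultdict(list)
    for when, ip, mac in leases:
        if mac in last and last[mac] != ip:
            changes[mac].append((when, last[mac], ip))
        last[mac] = ip
    return dict(changes)

def exposed_reassigned(leases, exposed):
    """exposed maps an opened IP to the MAC it was opened for; report other holders."""
    return sorted({(ip, mac) for _, ip, mac in leases
                   if ip in exposed and mac != exposed[ip]})

if __name__ == "__main__":
    leases = parse_leases(SAMPLE)
    print(address_changes(leases))
    print(exposed_reassigned(leases, {"192.0.2.11": "00:00:5e:00:53:02"}))
```

The lease file is an append-only log that the server periodically rewrites, so archived copies are needed to cover a longer period than the current file holds.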

