Address unknown, part 2

By Robert Currier, ITworld.com |  Networking

We've left the DHCP server detection rules in place and have picked up several other
rogue servers. We use snortsnarf, a perl application mentioned in href=http://mithras.itworld.com/articles/columns/net-currier-0317.html>Part 2 of our
IDS series, to parse the snort alert files and generate HTML pages that we check
once or twice a day. Using snortsnarf is much easier than trying to go through snort's
voluminous alert files by hand.

DHCP's biggest asset -- promiscuity -- is also its biggest problem. Using defined
address tables isn't an option when you're serving up 6,000 addresses. Until we're able
to authenticate and encrypt the traffic between our enterprise DHCP servers and their
clients we'll be forced to hunt down and exterminate the rogue servers on a
case-by-case basis. We desperately need authenticated DHCP. DHCP working group, are
you
listening?

Join us:
Facebook

Twitter

Pinterest

Tumblr

LinkedIn

Google+

NetworkingWhite Papers & Webcasts

See more White Papers | Webcasts

Answers - Powered by ITworld

Join us:
Facebook

Twitter

Pinterest

Tumblr

LinkedIn

Google+

Ask a Question