spoofing client IP configuration

spoofing client IP configuration

[Doug Yeager]

o.k.,
managing a public WLAN, people have all sorts of IP configurations preset 
on their clients (not all are dhcp clients enabled).
i am currently running a DHCP server and it works *MOST* of the time.  the 
ultimate solution would be to somehow ignore the client ip configuration 
and map to the clients on the server side based on their mac address, or 
something like that.  i know this is possible because there are hotels that 
do this kind of thing.....some terms like "nomadic server" have popped up.

i want the server to route based on local addresses, so this service 
hopefully would run at the mac level.
the public wlan currently runs:
nocat gateway
HostAP
Iptables firewall
DHCPD  (server in question by this email)

any alternatives to DHCP that do this would be great....i just want people 
configured to their work ip configs to be able to get on.  would moving to 
802.11 auth help?  i don't think so because after authentication you still 
need an IP to do anything...unless i'm thinking about this wrong.

thx,
doug

spoofing client IP configuration

[Doug Yeager]

o.k.,
managing a public WLAN, people have all sorts of IP configurations preset 
on their clients (not all are dhcp clients enabled).
i am currently running a DHCP server and it works *MOST* of the time.  the 
ultimate solution would be to somehow ignore the client ip configuration 
and map to the clients on the server side based on their mac address, or 
something like that.  i know this is possible because there are hotels that 
do this kind of thing.....some terms like "nomadic server" have popped up.

i want the server to route based on local addresses, so this service 
hopefully would run at the mac level.
the public wlan currently runs:
nocat gateway
HostAP
Iptables firewall
DHCPD  (server in question by this email)

any alternatives to DHCP that do this would be great....i just want people 
configured to their work ip configs to be able to get on.  would moving to 
802.11 auth help?  i don't think so because after authentication you still 
need an IP to do anything...unless i'm thinking about this wrong.

thx,
doug 

Re: spoofing client IP configuration

[Raymond Leach]

[-- Attachment #1: Type: text/plain, Size: 1625 bytes --]

On Thu, 2003-03-13 at 14:19, Doug Yeager wrote:
> o.k.,
> managing a public WLAN, people have all sorts of IP configurations preset 
> on their clients (not all are dhcp clients enabled).
> i am currently running a DHCP server and it works *MOST* of the time.  the 
> ultimate solution would be to somehow ignore the client ip configuration 
> and map to the clients on the server side based on their mac address, or 
> something like that.  i know this is possible because there are hotels that 
> do this kind of thing.....some terms like "nomadic server" have popped up.
> 
> i want the server to route based on local addresses, so this service 
> hopefully would run at the mac level.
> the public wlan currently runs:
> nocat gateway
> HostAP
> Iptables firewall
> DHCPD  (server in question by this email)
> 
> any alternatives to DHCP that do this would be great....i just want people 
> configured to their work ip configs to be able to get on.  would moving to 
> 802.11 auth help?  i don't think so because after authentication you still 
> need an IP to do anything...unless i'm thinking about this wrong.
> 
The dhcpd that ships with most distros can do ip allocation based on mac
addresses. There are sample configs in the docs.

Mixing fixed ips and dhcp is always a messup. You will endlessly be
maintaining the reserved lists on the dhcp server.

Define an ip strategy AND stick to it ...
e.g. 
xxx.xxx.xxx.1-9		routers
xxx.xxx.xxx.10-50	servers
xxx.xxx.xxx.51-100	printers, coffee machines, etc.
xxx.xxx.xxx.101-254	workstations, pda's, etc.

HTH

Ray
> thx,
> doug 

[-- Attachment #2: This is a digitally signed message part --]
[-- Type: application/pgp-signature, Size: 189 bytes --]