This shows you the differences between two versions of the page.
Both sides previous revisionPrevious revisionNext revision | Previous revision | ||
basic-static [2023/06/27 16:12] – [DHCP Reservation] -update DHCP Reservations screenshot, resize 804x197, formatting hogwild | basic-static [2023/06/27 16:21] (current) – [Static ARP] -condense, clarity hogwild | ||
---|---|---|---|
Line 21: | Line 21: | ||
\\ | \\ | ||
- | \\ | + | \\ {{:: |
- | {{:: | ||
==== Security Limitations ==== | ==== Security Limitations ==== | ||
Line 29: | Line 28: | ||
As mentioned earlier, DHCP Reservation offers the mapped IP address (and Hostname) to the MAC address you specified every time it offers a lease. DHCP Reservation does not prevent a different client from being configured with the same IP address. This is because DHCP Reservation only offers a static mapping to client devices which request a lease. If another device were self-configured with a (true) static IP, or if the router/DHCP were disabled, the other device could take that IP address. Similarly, if the first client for which DHCP Reservation were then self-configured with a static IP, it could claim a different IP address than the one in FreshTomato' | As mentioned earlier, DHCP Reservation offers the mapped IP address (and Hostname) to the MAC address you specified every time it offers a lease. DHCP Reservation does not prevent a different client from being configured with the same IP address. This is because DHCP Reservation only offers a static mapping to client devices which request a lease. If another device were self-configured with a (true) static IP, or if the router/DHCP were disabled, the other device could take that IP address. Similarly, if the first client for which DHCP Reservation were then self-configured with a static IP, it could claim a different IP address than the one in FreshTomato' | ||
- | Even if everything else were working properly, only DHCP lease //offers// are made static. The router' | + | Even if everything else were working properly, only DHCP lease //offers// are made static. The router' |
==== Inconsistent Terminology ==== | ==== Inconsistent Terminology ==== | ||
Line 76: | Line 76: | ||
=== Reduces ARP spoofing === | === Reduces ARP spoofing === | ||
- | By default, ARP gets its mapping information from other network | + | By default, ARP gets its mapping information from other clients. It works in a peer-to-peer fashion. ARP mappings are assumed to be " |
Here again, Static ARP binding can help. When enabled, Static ARP binding will ignore ARP spoofing attempts. FreshTomato will ignore all (broadcast) ARP replies of devices listed in the table. Instead, FreshTomato will check the Static DHCP tables to find the MAC address that belongs to a certain IP address. We assume this information is more accurate, since the Static DHCP table is maintained by the network administrator. | Here again, Static ARP binding can help. When enabled, Static ARP binding will ignore ARP spoofing attempts. FreshTomato will ignore all (broadcast) ARP replies of devices listed in the table. Instead, FreshTomato will check the Static DHCP tables to find the MAC address that belongs to a certain IP address. We assume this information is more accurate, since the Static DHCP table is maintained by the network administrator. | ||
- | **MAC Address: **Here | + | **MAC Address: |
- | **Bound To: **Checking this enables Static ARP binding for the IP - MAC address mapping. It adds a Static ARP entry for the mapping | + | **Bound To: **Checking this enables Static ARP binding for the IP - MAC address mapping. It adds a Static ARP entry for it in FreshTomato' |
- | **IP Address:** Here, enter the IP address you want bound to the MAC address entered. This is optional. If you leave the IP address empty, it will only link a Hostname to a MAC address, allowing for normal DHCP operations. This "lack of IP" might be helpful for devices that don't automatically have a Hostname assigned, but for which you still prefer a dynamic IP allocation. | + | **IP Address: |
- | **IP Traffic:** Checking this enables IP bandwidth | + | **IP Traffic:** Checking this enables IP Traffic |
- | **Hostname: | + | **Hostname: |
Traditionally, | Traditionally, | ||
- | These days, the client' | + | These days, the client' |
- | Hostname description derived from IETF (IETF.ORG) RFC2131 Standards Track, DHCP Protocol, page 8 | + | Hostname description derived from IETF (IETF.ORG) RFC2131 Standards Track, DHCP Protocol, page 8 |
- | [[https:// | ||
===== Options ===== | ===== Options ===== |