On Sun, 10 Jun 2007 21:07:43 -0700, Julie Bove wrote:

[snip]

> Does setting the number of allowed DHCP clients equal to the number of
> available computers afford me any protection from intrusion?
>
> That is, if I have three computers and I set the DHCP range from
> 192.168.1.1 to 192.168.1.3 - doesn't that protect me from intrustion by a
> fourth computer?

Unfortunately not. Anyone who would manage to break the other
security features will surely know how to set an IP address
manually.

To achieve what you want (no available addresses for an attacker),
you'd have to think of subnetting. By narrowing your network
address range with a smaller network mask, you could prevent
more than 6 (sorry, 3 or 4 is not an option) stations from beeing
on your network simultaneously.

By changing the mask from 255.255.255.0 to 255.255.255.248, and
assuming a router address of 192.168.1.1, you would get the range
192.168.1.2 to 192.168.1.6, with 192.168.1.7 beeing your new
broadcast address (which used to be 192.168.1.255).

Unless you already know subnetting (or find it easy), I'd rather
recommend using an access-list to limit access. You mentioned
Cisco earlier,

access-list 1 permit ip host 192.168.1.1 any
access-list 1 permit ip 192.168.1.0 0.0.0.1 any
access-list 1 permit ip any host 192.168.1.7 any

, will permit traffic from 192.168.1.1-192.168.1.3, and deny
the rest. The last of the three lines allow broadcast traffic.
Not sure if that's required.


- Eirik