win2003 DHCP server question!!!


Author: happyhacker81 Posted: Thu Sep 15, 2011 6:16 am    Post subject: win2003 DHCP server question!!!
    ----
Hello everybody, I've one question about DHCP ...

One of my small networks has a Win2003 server that runs the DHCP service for clients in the network ... One day, one of the users plugged in a wireless router (with the DHCP service enabled) accidentally ... Then some of the clients got IPs from this router (wrong IPs) and didn't get access to the network ... I found this problem ... So I want to make sure all clients get IPs only from my Win2003 DHCP server ... I want to prevent them getting addresses from other wrongly configured devices like the above ...
How can I do this??? Can I configure it through GPO?? Or is there a computer startup script so that the client can choose or point to the default DHCP server??

Please advise me urgently

Author: graycat Location: London, UK Posted: Thu Sep 15, 2011 9:52 am    Post subject:
    ----
As far as I'm aware you can only do this by having full control of your network and preventing a rogue DHCP server being plugged into it.

The issue with the options you mentioned is that they all require the PC to be on the network first which means it's already dealt with a DHCP server.

One option that does spring to mind though is enabling MAC address security on your network switches. That way anything not on your approved list will not be able to plug into the network to start off with. May not be possible with the switches you have in place now and it takes maintenance / looking after to make sure the MAC address list is up to date but it would solve the problem.

Personally I'd just take "The Training Stick" to the user that plugged the wireless router in without permission and make sure it doesn't happen again. Laughing

Author: AdamV Location: Leeds, UK Posted: Thu Sep 15, 2011 9:52 am    Post subject:
    ----
Not really, no.

The whole point of DHCP is that the client does not need to know where the server is, it can simply ask for the first available server to provide an address which makes it very robust and simple to deploy.

One thing that can help so that if these situations arise the impact is lessened, is to increase the DHCP lease time (default from memory is 8 days in W2003, up this to say 16 or more as long as you have enough addresses to cover infrequent users such as sales laptops).
This would mean that when someone puts a rogue DHCP server on the network fewer clients will be renewing their addresses in a given time frame before you discover the problem.

Another thing that will help is to hang the offending user from a LAN cable in the office lobby, where other users can see what happens when you do stupid things like this. "Pour encourager les autres", as they say.
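
Added example (not part of any post in this thread): because a client accepts a lease from whichever server answers first, a monitoring host can watch DHCP replies and flag any whose server identifier (option 54) is not on an approved list. The function names and all addresses below are constructed for illustration, and the code assumes you already have the UDP payload of each DHCP reply.

```python
import ipaddress
from typing import Optional

MAGIC_COOKIE = b"\x63\x82\x53\x63"
SERVER_REPLY_TYPES = {2: "OFFER", 5: "ACK", 6: "NAK"}  # option 53 values sent by servers


def parse_dhcp(payload: bytes) -> dict:
    """Parse a DHCP message (UDP payload) into the offered address and its options."""
    if len(payload) < 240 or payload[236:240] != MAGIC_COOKIE:
        raise ValueError("not a DHCP message")
    options, i = {}, 240
    while i < len(payload):
        code = payload[i]
        if code == 255:          # end option
            break
        if code == 0:            # pad option carries no length byte
            i += 1
            continue
        if i + 1 >= len(payload):
            raise ValueError("truncated option")
        length = payload[i + 1]
        data = payload[i + 2:i + 2 + length]
        if len(data) != length:
            raise ValueError("truncated option")
        options[code] = data
        i += 2 + length
    return {"yiaddr": str(ipaddress.IPv4Address(payload[16:20])), "options": options}


def check_reply(payload: bytes, authorized: set) -> Optional[str]:
    """Return an alert string when a server reply comes from an unapproved server."""
    msg = parse_dhcp(payload)
    mtype = (msg["options"].get(53) or b"\x00")[0]
    if mtype not in SERVER_REPLY_TYPES:
        return None              # client-originated message, nothing to check
    sid = msg["options"].get(54)
    server = str(ipaddress.IPv4Address(sid)) if sid and len(sid) == 4 else "unknown"
    if server in authorized:
        return None
    return f"rogue DHCP {SERVER_REPLY_TYPES[mtype]} from {server} offering {msg['yiaddr']}"


def build_message(mtype: int, server_ip: str, offered_ip: str) -> bytes:
    """Build a sample DHCP message (constructed test data, not a real capture)."""
    fixed = bytearray(236)
    fixed[16:20] = ipaddress.IPv4Address(offered_ip).packed   # yiaddr field
    opts = bytes([53, 1, mtype, 54, 4]) + ipaddress.IPv4Address(server_ip).packed + b"\xff"
    return bytes(fixed) + MAGIC_COOKIE + opts
```

This only detects a second server after it has answered; it does not stop clients from accepting its leases.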

Author: AdamV Location: Leeds, UK Posted: Thu Sep 15, 2011 9:55 am    Post subject:
    ----
graycat wrote:
The issue with the options you mentioned is that they all require the PC to be on the network first which means it's already dealt with a DHCP server.

I hadn't thought of it that way round. Although GP would still apply the previous cached settings up until it connects to the network and gets refreshed (so that GP is still in force when a user is offline)

graycat wrote:

Personally I'd just take "The Training Stick" to the user that plugged the wireless router in without permission and make sure it doesn't happen again. Laughing


Great minds, and all that...

Maybe if a user likes wireless routers*, they might like my cordless drill? Hm?? Say hello to my leedle friend!
Shocked

*IP routers / woodworking routers - pun only works if you don't already pronounce rooter like rowter


