Securing DHCP Server

From: Rob Devereux (rob.devereux_at_linacre.ox.ac.uk)
Date: 05/18/04


Date: Tue, 18 May 2004 16:14:17 +0100

Forgive the X posting but I wanted to cover as many bases as possible with
this.

I have a DHCP Server set up on a Windows 2000 Server.

In order to have the best of both worlds (i.e. have the security and auditing
of static addresses in cases of virus infection or abuse but the convenience
of setup and ability to recoup addresses from leaving clients), I have set it
up to have no "pool" of addresses and 100% either blocked or reserved by MAC
address (the clients have to send me the MAC address, which I register against
an IP address).

What I have found is that if a rogue machine is put on the network (for
example if someone forgets to register their MAC address or just ignores the
need), particularly a 2000/XP one, the DHCP Server will assign it an address
even though there are supposedly none to be assigned. What I have found
happening is that it assigns one of the reserved addresses that is currently
inactive (because the PC is temporarily off the network), and of course as
soon as that client goes back on the network and tries to use the address,
they get an IP conflict at best and more likely just a lock on usage.

Has anyone seen this or got a fix for it?

Rob

-- 
Rob Devereux
IT Officer
Linacre College
St Cross Road
Oxford
OX1 3JA
(01865) 271659
rob.devereux@linacre.ox.ac.uk
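
The symptom described in this post, a reserved address held by a MAC other than the one registered for it, can be detected by comparing the reservation register with the leases actually observed. The following is an added example, not part of the original post: the function names, the `(ip, mac)` input format and the sample data are assumptions constructed for illustration, not an export format of the Windows 2000 DHCP service.

```python
import re

def norm_mac(mac):
    """Reduce a MAC written with '-', ':' or '.' separators to 12 lowercase hex digits."""
    digits = re.sub(r"[^0-9A-Fa-f]", "", mac).lower()
    if len(digits) != 12:
        raise ValueError(f"not a 48-bit MAC: {mac!r}")
    return digits

def audit(reservations, leases):
    """Compare observed leases against the reservation register.

    reservations: iterable of (ip, mac) pairs the administrator registered.
    leases: iterable of (ip, mac) pairs currently seen on the server or wire.
    Returns a list of (kind, ip, seen_mac, expected_mac) findings.
    """
    by_ip = {ip: norm_mac(mac) for ip, mac in reservations}
    by_mac = {mac: ip for ip, mac in by_ip.items()}
    findings = []
    for ip, mac in leases:
        mac = norm_mac(mac)
        owner = by_ip.get(ip)
        if owner == mac:
            continue  # lease matches its reservation
        if mac in by_mac:
            kind = "registered-mac-wrong-ip"
        elif owner is not None:
            kind = "unregistered-mac-on-reserved-ip"  # the case in the post
        else:
            kind = "unregistered-mac"
        findings.append((kind, ip, mac, owner))
    return findings

# Constructed sample data (documentation address range, made-up MACs).
RESERVATIONS = [
    ("192.0.2.10", "00-11-22-33-44-55"),
    ("192.0.2.11", "00:11:22:33:44:66"),
]
LEASES = [
    ("192.0.2.10", "0011.2233.4455"),     # same MAC, different notation
    ("192.0.2.11", "02:AA:BB:CC:DD:EE"),  # reserved IP held by an unknown MAC
]

if __name__ == "__main__":
    for finding in audit(RESERVATIONS, LEASES):
        print(finding)
```

Run on a schedule against the current lease list, a non-empty result identifies the conflicting address before the registered client returns to the network.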

