Security Forums

win2003 DHCP server question!!!

happyhacker81
Posted: Thu Sep 15, 2011 6:16 am    Post subject: win2003 DHCP server question!!!

Hello everybody, I have one question about DHCP ...

One of my small networks has a Win2003 server that runs the DHCP service for clients in the network ... One day, one of the users accidentally plugged in a wireless router (with the DHCP service enabled) ... then some of the clients got IPs from this router (wrong IPs) and didn't get access to the network ... I found this problem ... so I want to make sure all clients get IPs only from my Win2003 DHCP server ... I want to prevent them getting IPs from other wrongly configured devices like the one above ...
How can I do this? Can I configure it through GPO? Or is there a computer startup script so that clients can choose or point to a default DHCP server?

Please advise me urgently.
graycat
Posted: Thu Sep 15, 2011 9:52 am

As far as I'm aware you can only do this by having full control of your network and preventing a rogue DHCP server being plugged into it.

The issue with the options you mentioned is that they all require the PC to be on the network first which means it's already dealt with a DHCP server.

One option that does spring to mind though is enabling MAC address security on your network switches. That way anything not on your approved list will not be able to plug into the network to start off with. May not be possible with the switches you have in place now and it takes maintenance / looking after to make sure the MAC address list is up to date but it would solve the problem.

Personally I'd just take "The Training Stick" to the user that plugged the wireless router in without permission and make sure it doesn't happen again. Laughing
AdamV
Posted: Thu Sep 15, 2011 9:52 am

Not really, no.

The whole point of DHCP is that the client does not need to know where the server is, it can simply ask for the first available server to provide an address which makes it very robust and simple to deploy.

One thing that can help so that if these situations arise the impact is lessened, is to increase the DHCP lease time (default from memory is 8 days in W2003, up this to say 16 or more as long as you have enough addresses to cover infrequent users such as sales laptops).
This would mean that when someone puts a rogue DHCP server on the network fewer clients will be renewing their addresses in a given time frame before you discover the problem.

Another thing that will help is to hang the offending user from a LAN cable in the office lobby, where other users can see what happens when you do stupid things like this. "Pour encourager les autres", as they say.
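Because a client accepts an offer from whichever server answers, a rogue server has to be spotted from the monitoring side. The following is an added example, not part of the thread: it parses captured DHCP reply payloads and flags any OFFER/ACK whose server identifier (option 54) is not on an allow list. The allow-listed address, the sample packets and the function names are constructed for illustration.

```python
import ipaddress
import struct

MAGIC_COOKIE = b"\x63\x82\x53\x63"
DHCPOFFER, DHCPACK = 2, 5
# Assumption: address of the legitimate Win2003 DHCP server (constructed value).
AUTHORIZED_SERVERS = {"192.168.10.5"}

def parse_dhcp(payload: bytes) -> dict:
    """Parse the UDP payload of a BOOTP/DHCP message (RFC 2131 layout)."""
    if len(payload) < 240 or payload[236:240] != MAGIC_COOKIE:
        raise ValueError("not a DHCP message")
    options, i = {}, 240
    while i < len(payload) and payload[i] != 255:   # 255 = End option
        if payload[i] == 0:                         # Pad option: no length byte
            i += 1
            continue
        if i + 1 >= len(payload):
            raise ValueError("truncated option")
        length = payload[i + 1]
        data = payload[i + 2:i + 2 + length]
        if len(data) != length:
            raise ValueError("truncated option")
        options[payload[i]] = data
        i += 2 + length
    return {"op": payload[0],
            "yiaddr": str(ipaddress.IPv4Address(payload[16:20])),
            "client_mac": payload[28:28 + min(payload[2], 16)].hex(":"),
            "options": options}

def rogue_server(payload: bytes, authorized=AUTHORIZED_SERVERS):
    """Return the server address of an OFFER/ACK from an unlisted server, else None."""
    msg = parse_dhcp(payload)
    mtype = msg["options"].get(53) or b"\x00"       # option 53: message type
    if msg["op"] != 2 or mtype[0] not in (DHCPOFFER, DHCPACK):
        return None                                 # not a server reply
    server_id = msg["options"].get(54, b"")         # option 54: server identifier
    if len(server_id) != 4:
        return "unknown"
    server = str(ipaddress.IPv4Address(server_id))
    return None if server in authorized else server

def build_reply(server: str, yiaddr: str, mtype: int = DHCPOFFER) -> bytes:
    """Constructed sample reply, used only to exercise the checker offline."""
    hdr = struct.pack("!BBBBIHH4s4s4s4s16s192s", 2, 1, 6, 0, 0x1234, 0, 0,
                      bytes(4), ipaddress.IPv4Address(yiaddr).packed, bytes(4),
                      bytes(4), bytes.fromhex("020000000001"), b"")
    opts = bytes([53, 1, mtype, 54, 4]) + ipaddress.IPv4Address(server).packed
    return hdr + MAGIC_COOKIE + opts + b"\xff"
```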
AdamV
Posted: Thu Sep 15, 2011 9:55 am

graycat wrote:
The issue with the options you mentioned is that they all require the PC to be on the network first which means it's already dealt with a DHCP server.

I hadn't thought of it that way round. Although GP would still apply the previous cached settings up until it connects to the network and gets refreshed (so that GP is still in force when a user is offline)

graycat wrote:
Personally I'd just take "The Training Stick" to the user that plugged the wireless router in without permission and make sure it doesn't happen again. Laughing


Great minds, and all that...

Maybe if a user likes wireless routers*, they might like my cordless drill? Hm?? Say hello to my leedle friend!
Shocked

*IP routers / woodworking routers - pun only works if you don't already pronounce rooter like rowter
All times are GMT + 2 Hours