Networking Forums

DHCP Authorisation - does it stop rogue DHCP servers?

 
 
Ben UK
      11-28-2007, 10:49 AM
Hi,

Can you use DHCP Authorisation to stop rogue DHCP servers supplying PCs with
IP addresses?

Thanks, Ben
 
D3L3R1u5
      11-28-2007, 01:42 PM
Hi Ben, yes, it is exactly for that purpose, and both Server 2003 and 2008
(Longhorn) support this. It will also check, and I believe these times are
valid for both O/S versions, but authorised servers check every 60 minutes
and unauthorised check every 10 minutes, sending out a DHCPINFORM request. The
links below go into more detail on the processes used.

w2k
http://technet2.microsoft.com/window....mspx?mfr=true
w2k8
http://technet2.microsoft.com/window....mspx?mfr=true
--
D3L3R1u5


 
Newell White
      11-28-2007, 01:44 PM

"Ben UK" wrote:

> Hi,
>
> Can you use DHCP Authorisation to stop rogue DHCP servers supplying PCs with
> IP addresses?
>
> Thanks, Ben


Alas not quite.
In an AD-integrated domain it prevents an unauthorised DHCP server on a domain
member from supplying IP addresses.
But routers and firewalls which have DHCP capability must have this disabled
before plugging them into an AD-integrated domain.
Also it is helpless to deal with a DHCP server on a computer which is not a
domain member, but has a suitable IP and sub-net mask when plugged into the
LAN.

--
Regards,
Newell White

 
 
D3L3R1u5
      11-28-2007, 02:07 PM
Hi Newell, are you referring to W2K3 or W2K8 when you say the authorisation
protection does not work?
I've personally tested both non-domain and domain members with the DHCP service
added but not authorised in AD; the DHCP servers would effectively shut down
and not hand out addresses, and that was regardless of what VLANs I placed
them into, although one exception I can see is if a Linux-based DHCP server is
used.

--
D3L3R1u5


 
Newell White
      11-28-2007, 03:21 PM
I am talking about W2k3.

I agree that if you set up DHCP on a Windows machine and don't 'Authorise'
it, then that machine will not respond to requests for an IP address, whether
domain member or not.

I was cautioning OP that AD cannot prevent a rogue DHCP server from
responding to a DHCPDISCOVER with a DHCPOFFER, and if it gets in first then
hell breaks loose.
Try plugging a broadband modem/router into your LAN without first using an
isolated workstation to disable its DHCP server - if it has an internal IP
and mask that overlaps your LAN it will respond to any DHCP broadcasts very
quickly.

--
Regards,
Newell White
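
Added example (not part of any poster's message): since AD authorisation does not stop a non-Windows device from answering a DHCPDISCOVER, unauthorised servers have to be spotted on the wire. This sketch parses captured DHCP payloads and reports any server identifier (option 54) in a DHCPOFFER or DHCPACK that is not on an allowlist. The function names, the sample addresses and the sample messages are constructed for illustration.

```python
import ipaddress

MAGIC_COOKIE = bytes.fromhex("63825363")  # marks the start of the DHCP options
OPT_PAD, OPT_MSG_TYPE, OPT_SERVER_ID, OPT_END = 0, 53, 54, 255
DHCPOFFER, DHCPACK = 2, 5

def parse_options(payload):
    """Return {code: value} for the options in a DHCP message (UDP payload)."""
    if len(payload) < 240 or payload[236:240] != MAGIC_COOKIE:
        raise ValueError("not a DHCP message")
    opts, i = {}, 240
    while i < len(payload) and payload[i] != OPT_END:
        if payload[i] == OPT_PAD:          # pad option has no length byte
            i += 1
            continue
        if i + 1 >= len(payload) or i + 2 + payload[i + 1] > len(payload):
            raise ValueError("truncated option")
        length = payload[i + 1]
        opts[payload[i]] = payload[i + 2:i + 2 + length]
        i += 2 + length
    return opts

def unauthorised_servers(payloads, authorised):
    """List server identifiers in DHCPOFFER/DHCPACK messages not on the allowlist."""
    allowed = {ipaddress.IPv4Address(a) for a in authorised}
    found = []
    for payload in payloads:
        try:
            opts = parse_options(payload)
        except ValueError:
            continue  # malformed or non-DHCP traffic is skipped
        mtype, sid = opts.get(OPT_MSG_TYPE, b""), opts.get(OPT_SERVER_ID, b"")
        if len(mtype) != 1 or mtype[0] not in (DHCPOFFER, DHCPACK) or len(sid) != 4:
            continue
        server = ipaddress.IPv4Address(sid)
        if server not in allowed and str(server) not in found:
            found.append(str(server))
    return found

def build_reply(msg_type, yiaddr, server_id):
    """Constructed sample data: a minimal BOOTREPLY carrying options 53 and 54."""
    header = bytes([2, 1, 6, 0]) + bytes(12) + ipaddress.IPv4Address(yiaddr).packed + bytes(216)
    options = bytes([OPT_MSG_TYPE, 1, msg_type, OPT_SERVER_ID, 4]) + ipaddress.IPv4Address(server_id).packed
    return header + MAGIC_COOKIE + options + bytes([OPT_END])

# Constructed capture: the authorised server, a router left with DHCP on, and noise.
SAMPLE = [build_reply(DHCPOFFER, "10.0.0.50", "10.0.0.10"),
          build_reply(DHCPOFFER, "192.168.1.100", "192.168.1.1"),
          b"\x00" * 20]
```
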

