On Tue, 20 Aug 2002 08:57:02 -0400, slymax wrote: >What about introducing unauthorized clients onto the network that could >receive an address? Anything to stop this from happening? Can they still recieve an ip even though they're not members of the domain? >-----Original Message----- >From: windows2000-bounce@xxxxxxxxxxxxx >[mailto:windows2000-bounce@xxxxxxxxxxxxx] On Behalf Of Daniel Angelucci >Sent: Tuesday, August 20, 2002 8:39 AM >To: windows2000@xxxxxxxxxxxxx >Subject: [windows2000] Re: DHCP questions > > > >There are some issues with rogue DHCP servers on a network. Someone can > >really do some damage with those. Let's say I set up a DHCP server in >the >same subnet as a group of client computers. Since my DHCP server is >closest, the clients will receive addresses from it. As a result, I can > >pass WINS or DNS information which will point clients to trojan >websites, >etc. etc. etc. > >Interestingly, M$ has a solution for this. Windows 2000 clients in a AD > >domain with a Windows 2000 DHCP server REQUIRE that the server be >registered >with AD. If it is not, the clients will not accept the address. So in >the >above scenario, my Win 2K clients will reject the address and eventually > >receive one from the legitimate server. > >Score one for Microsoft. > >Dan > > >>From: "Sorin Srbu" <sorin@xxxxxxxxxxxxx> >>Reply-To: windows2000@xxxxxxxxxxxxx >>To: "Windows2000 Mailing List" <Windows2000@xxxxxxxxxxxxx> >>Subject: [windows2000] DHCP questions >>Date: Tue, 20 Aug 2002 10:34:54 +0200 >> >> >>Hi all, >> >>I recently brought up the topic on implementing dhcp for our >>windows-boxes on the dept with the other sysadmin/unix, and his >>spontaneous comment is below: >> >>"I still don't like the idea because I don't think it's needed (how >>often does one really need to change IP-settings?) and >>because I don't like the security hole it opens for IP-spoofing. >>Maybe >>the switched-hubs protect us from the security concerns ..." >> >>Can you guys add something to this? Is his opions at all valid? BW, Sorin # Sorin Srbu, Systems Engineer Email: sorin.srbu@xxxxxxxxxxxxx # Department of Medical Chemistry, Web: http://www.farmaci.uu.se # Division of Organic Pharmaceutical Chemistry, Phone: +46-18-471-4482 >> 5 signals >> GSM # BMC, Box 574, Uppsala University Cell Phone: +46-701-718023 # SE-751 23 Uppsala, Sweden Fax: +46-18-471-4474 # Visit: BMC, Husargatan 3, D5:512b # # Public PGP key available on request. ================================== To Unsubscribe, set digest or vacation mode or view archives use the below link. http://thethin.net/win2000list.cfm