Yes, but they will also be prone to rogue servers. The domain member clients will not.

Tom Erdely
Mail: tom@xxxxxxxxx
Web: http://tom.erdely.no

-----Original Message-----
From: Sorin Srbu [mailto:sorin@xxxxxxxxxxxxx]
Sent: 20. august 2002 15:14
To: windows2000@xxxxxxxxxxxxx
Subject: [windows2000] Re: DHCP questions

On Tue, 20 Aug 2002 08:57:02 -0400, slymax wrote:

>What about introducing unauthorized clients onto the network that could
>receive an address? Anything to stop this from happening?

Can they still receive an ip even though they're not members of the domain?

>-----Original Message-----
>From: windows2000-bounce@xxxxxxxxxxxxx
>[mailto:windows2000-bounce@xxxxxxxxxxxxx] On Behalf Of Daniel Angelucci
>Sent: Tuesday, August 20, 2002 8:39 AM
>To: windows2000@xxxxxxxxxxxxx
>Subject: [windows2000] Re: DHCP questions
>
>There are some issues with rogue DHCP servers on a network. Someone can
>really do some damage with those. Let's say I set up a DHCP server in
>the same subnet as a group of client computers. Since my DHCP server
>is closest, the clients will receive addresses from it. As a result, I
>can pass WINS or DNS information which will point clients to trojan
>websites, etc. etc. etc.
>
>Interestingly, M$ has a solution for this. Windows 2000 clients in an
>AD domain with a Windows 2000 DHCP server REQUIRE that the server be
>registered with AD. If it is not, the clients will not accept the
>address. So in the above scenario, my Win 2K clients will reject the
>address and eventually receive one from the legitimate server.
>
>Score one for Microsoft.
>
>Dan
>
>>From: "Sorin Srbu" <sorin@xxxxxxxxxxxxx>
>>Reply-To: windows2000@xxxxxxxxxxxxx
>>To: "Windows2000 Mailing List" <Windows2000@xxxxxxxxxxxxx>
>>Subject: [windows2000] DHCP questions
>>Date: Tue, 20 Aug 2002 10:34:54 +0200
>>
>>Hi all,
>>
>>I recently brought up the topic on implementing dhcp for our
>>windows-boxes on the dept with the other sysadmin/unix, and his
>>spontaneous comment is below:
>>
>>"I still don't like the idea because I don't think it's needed (how
>>often does one really need to change IP-settings?) and
>>because I don't like the security hole it opens for IP-spoofing.
>>Maybe
>>the switched-hubs protect us from the security concerns ..."
>>
>>Can you guys add something to this? Are his opinions at all valid?

BW, Sorin

# Sorin Srbu, Systems Engineer                    Email: sorin.srbu@xxxxxxxxxxxxx
# Department of Medical Chemistry,                Web: http://www.farmaci.uu.se
# Division of Organic Pharmaceutical Chemistry,   Phone: +46-18-471-4482 >> 5 signals >> GSM
# BMC, Box 574, Uppsala University                Cell Phone: +46-701-718023
# SE-751 23 Uppsala, Sweden                       Fax: +46-18-471-4474
# Visit: BMC, Husargatan 3, D5:512b
#
# Public PGP key available on request.

==================================
To Unsubscribe, set digest or vacation mode or view archives use the below link.
http://thethin.net/win2000list.cfm
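
The rogue-server scenario discussed in this thread can be watched for by inspecting DHCP server replies seen on the subnet. The following is an added example, not part of the original messages: it parses a DHCP OFFER/ACK payload and flags a server identifier (option 54) or DNS/WINS servers (options 6 and 44) that fall outside an allowlist. The addresses, the allowlist and the `build_reply` helper are constructed assumptions.

```python
import socket

MAGIC = b"\x63\x82\x53\x63"          # RFC 2131 magic cookie that precedes the options
OFFER, ACK = 2, 5                    # option 53 message types sent by servers
OPT_NAMES = {6: "DNS", 44: "WINS"}   # name-server options a rogue server can set
# Assumed site policy (constructed addresses, not from the thread).
AUTHORIZED_SERVERS = {"10.0.0.2"}
EXPECTED = {6: {"10.0.0.53"}, 44: {"10.0.0.54"}}

def parse_options(packet):
    """Return {option_code: raw_value} from a BOOTP/DHCP payload."""
    if len(packet) < 240 or packet[236:240] != MAGIC:
        raise ValueError("not a DHCP message")
    opts, i = {}, 240
    while i < len(packet) and packet[i] != 255:      # 255 = end option
        if packet[i] == 0:                           # 0 = pad, has no length byte
            i += 1
            continue
        length = packet[i + 1] if i + 1 < len(packet) else -1  # -1 fails the check below
        value = packet[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError("truncated option %d" % packet[i])
        opts[packet[i]] = value
        i += 2 + length
    return opts

def ip_list(raw):
    return [socket.inet_ntoa(raw[i:i + 4]) for i in range(0, len(raw) - 3, 4)]

def check_reply(packet):
    """Return findings for one server reply; an empty list means nothing to flag."""
    opts = parse_options(packet)
    if (opts.get(53) or b"\0")[0] not in (OFFER, ACK):
        return []
    findings = []
    server = ip_list(opts.get(54, b""))
    if not server or server[0] not in AUTHORIZED_SERVERS:
        findings.append("unauthorized server %s" % (server[0] if server else "unknown"))
    for code, name in OPT_NAMES.items():
        for ip in ip_list(opts.get(code, b"")):
            if ip not in EXPECTED[code]:
                findings.append("unexpected %s server %s" % (name, ip))
    return findings

def build_reply(msg_type, server, dns, wins):
    """Constructed sample reply: minimal BOOTP header plus the options checked above."""
    opt = lambda code, data: bytes([code, len(data)]) + data
    ips = [opt(c, socket.inet_aton(a)) for c, a in ((54, server), (6, dns), (44, wins))]
    return b"\x02" + bytes(235) + MAGIC + opt(53, bytes([msg_type])) + b"".join(ips) + b"\xff"
```

In use, `check_reply` would be fed the UDP payload of each packet sent from port 67 that a monitoring host captures on the client subnet.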