[windows2000] Re: DHCP questions
- From: "Tom Erdely" <tom@xxxxxxxxx>
- To: <windows2000@xxxxxxxxxxxxx>
- Date: Tue, 20 Aug 2002 15:15:40 +0200
Yes, but they will also be prone to rogue servers. The domain member
clients will not.
Tom Erdely
Mail: tom@xxxxxxxxx
Web: http://tom.erdely.no
-----Original Message-----
From: Sorin Srbu [mailto:sorin@xxxxxxxxxxxxx]=20
Sent: 20. august 2002 15:14
To: windows2000@xxxxxxxxxxxxx
Subject: [windows2000] Re: DHCP questions
On Tue, 20 Aug 2002 08:57:02 -0400, slymax wrote:
>What about introducing unauthorized clients onto the network that could
>receive an address? Anything to stop this from happening?
Can they still recieve an ip even though they're not members of the
domain?
>-----Original Message-----
>From: windows2000-bounce@xxxxxxxxxxxxx=20
>[mailto:windows2000-bounce@xxxxxxxxxxxxx] On Behalf Of Daniel Angelucci
>Sent: Tuesday, August 20, 2002 8:39 AM
>To: windows2000@xxxxxxxxxxxxx
>Subject: [windows2000] Re: DHCP questions
>
>
>
>There are some issues with rogue DHCP servers on a network. Someone=20
>can
>
>really do some damage with those. Let's say I set up a DHCP server in=20
>the same subnet as a group of client computers. Since my DHCP server=20
>is closest, the clients will receive addresses from it. As a result, I
>can
>
>pass WINS or DNS information which will point clients to trojan=20
>websites, etc. etc. etc.
>
>Interestingly, M$ has a solution for this. Windows 2000 clients in a=20
>AD
>
>domain with a Windows 2000 DHCP server REQUIRE that the server be=20
>registered with AD. If it is not, the clients will not accept the=20
>address. So in the
>above scenario, my Win 2K clients will reject the address and
eventually
>
>receive one from the legitimate server.
>
>Score one for Microsoft.
>
>Dan
>
>
>>From: "Sorin Srbu" <sorin@xxxxxxxxxxxxx>
>>Reply-To: windows2000@xxxxxxxxxxxxx
>>To: "Windows2000 Mailing List" <Windows2000@xxxxxxxxxxxxx>
>>Subject: [windows2000] DHCP questions
>>Date: Tue, 20 Aug 2002 10:34:54 +0200
>>
>>
>>Hi all,
>>
>>I recently brought up the topic on implementing dhcp for our
>>windows-boxes on the dept with the other sysadmin/unix, and his=20
>>spontaneous comment is below:
>>
>>"I still don't like the idea because I don't think it's needed (how
>>often does one really need to change IP-settings?) and
>>because I don't like the security hole it opens for IP-spoofing.
>>Maybe
>>the switched-hubs protect us from the security concerns ..."
>>
>>Can you guys add something to this? Is his opions at all valid?
BW,
Sorin
# Sorin Srbu, Systems Engineer Email: sorin.srbu@xxxxxxxxxxxxx
# Department of Medical Chemistry, Web:
http://www.farmaci.uu.se
# Division of Organic Pharmaceutical Chemistry, Phone: +46-18-471-4482
>> 5 signals >> GSM
# BMC, Box 574, Uppsala University Cell Phone:
+46-701-718023
# SE-751 23 Uppsala, Sweden Fax: +46-18-471-4474
# Visit: BMC, Husargatan 3,
D5:512b
#
# Public PGP key available on request.
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D
To Unsubscribe, set digest or vacation
mode or view archives use the below link.
http://thethin.net/win2000list.cfm
==================================
To Unsubscribe, set digest or vacation
mode or view archives use the below link.
http://thethin.net/win2000list.cfm
Other related posts:
