DHCP Server Question

  • Thread starter Thread starter Jeff Baublitz
  • Start date Start date
J

Jeff Baublitz

I have a win 2K server set up and giving out IP addreses
(DHCP). Everything is working fine. But with this latest
Welchia (blaster) worm, we have been thinking that we
don't want anyone to just walk onto our network and plug
in and get an address. Like we are set up now.

We were wondering if there is a way to filter, or control
who gets an address from the server. Like a list of
approved clients. We are aware this will take more
managment, but it might pay off by making sure we know
about every computer that is on the network.

If anyone knows how to configure this, or any other input,
please feel free to let me know...

Thanks!

jbaublitz@wilcox_dot_scu_dot_k12.ca.us <===Remove the
_dot_ and put a "."
 
tricky but maybe reduce your scope to fit in all your LAN
clients only then jsut create reservations for all the
clients that way only ips with those mac addresses will
get an ip and as u know macs are 100 per cent unique
 
are you worried about wireless clients?

otherwise, if you cant control who plugs their computers into your network,
you have problems that technology will not be helpful in solving.

Something to look at is setting up you DHCP to only use reservations. These
are mappings between the MAC address of a computer, an an IP address. The
net effect is static addressing, but you are using DHCP to provide the
address. This may give you the granularity that you are looking for, and as
you guessed, it will increase the administrative bourdon.

NuTs
 
And yes, you can configure your scope with all addresses excluded, but then
add reservations within the excluded ranges for your clients.

But as NuTs said, someone can still plug into your network, then assign
themselves a static address. There are other ways to enable security that
are more reliable than stretching DHCP (which was never intended as a
security platform) such as 802.1x.

-Chris
--
==============================
Chris Edson
(e-mail address removed)

This posting is provided "AS IS" with
no warranties, and confers no rights.
===============================
 
Back
Top