Un-Authorized DHCP Leases


Roger Mathews

On my network with Active Directory I have a single DHCP server which is
(was) working great. Recently a device was installed on the network by a
third party and this device is randomly issuing IP & DNS addresses which is
killing much of the connectivity. Disabling this service on the standalone
device is simple enough but I thought unless a server has been Authorized,
workstations that are in the directory will not receive addressing from any
rogue DHCP server. Any thoughts?

Thanks in advance.
 
Roger said:
On my network with Active Directory I have a single DHCP server which is
(was) working great. Recently a device was installed on the network by a
third party and this device is randomly issuing IP & DNS addresses which is
killing much of the connectivity. Disabling this service on the standalone
device is simple enough but I thought unless a server has been Authorized,
workstations that are in the directory will not receive addressing from any
rogue DHCP server. Any thoughts?

Not quite.

Any DHCP server that is aware of Active Directory and plays nicely won't
issue leases unless authorised.

But there are plenty of other DHCP servers on the market that predate AD
or don't integrate with it (authorisation is MS's own invention and not
standards based). The DHCP spec says that clients respond to the first
offer they get, so if there's a rogue device and it's quick it will get
business...
 
Adam,

Thanks for the enlightenment. I guess I just assumed (oops) that a computer
within the directory would refuse the lease from an un-authorized server but
I do see how this would create major issues as well. Anyway my network
supports a fairly large school in Northern California with over 2500
students. The upper level students study networking and it hasn't happened
yet but I can see someone at some point experimenting with their own
implementation of a DHCP service. This practice is of course a violation of
our AUP but our internal network and the Internet are nothing more than a
huge playground full of temptation.

Regards,

Roger Mathews
 
Roger said:
Thanks for the enlightenment. I guess I just assumed (oops) that a computer
within the directory would refuse the lease from an un-authorized server but
I do see how this would create major issues as well.

For one thing it wouldn't be able to check the directory at that point
as it doesn't have IP connectivity... plus laptops away from the
corporate LAN would want to be able to get DHCP leases, e.g. from home
LANs or wifi hotspots...
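
Since clients take the first offer whether or not the server is authorised in AD, as the thread above explains, a rogue server can be spotted by comparing the server identifier (option 54) in DHCP replies against the known server list. The Python below is an added example, not part of the original thread; the authorised address 10.0.0.10, the function names and the sample packets are assumptions constructed for illustration.

```python
import ipaddress

MAGIC_COOKIE = b"\x63\x82\x53\x63"   # start of the DHCP options field (RFC 2131)
AUTHORIZED_SERVERS = {"10.0.0.10"}   # assumption: the site's one legitimate server


def parse_options(payload: bytes) -> dict:
    """Return {option_code: raw_bytes} from a BOOTP/DHCP payload."""
    if len(payload) < 240 or payload[236:240] != MAGIC_COOKIE:
        raise ValueError("not a DHCP payload")
    opts, i = {}, 240
    while i < len(payload) and payload[i] != 255:    # 255 = end option
        if payload[i] == 0:                          # pad option has no length byte
            i += 1
            continue
        length = payload[i + 1] if i + 1 < len(payload) else 0
        data = payload[i + 2:i + 2 + length]
        if i + 1 >= len(payload) or len(data) != length:
            raise ValueError("truncated option")
        opts[payload[i]] = data
        i += 2 + length
    return opts


def check_reply(payload: bytes, authorized=AUTHORIZED_SERVERS):
    """Return a finding for an OFFER/ACK from an unlisted server, else None."""
    opts = parse_options(payload)
    msg_type = (opts.get(53) or b"\x00")[0]          # option 53 = DHCP message type
    if payload[0] != 2 or msg_type not in (2, 5):    # BOOTREPLY with OFFER or ACK
        return None
    raw = opts.get(54, b"")                          # option 54 = server identifier
    server = str(ipaddress.IPv4Address(raw)) if len(raw) == 4 else "missing"
    if server in authorized:
        return None
    dns = opts.get(6, b"")                           # option 6 = DNS servers handed out
    return {"server": server,
            "offered_ip": str(ipaddress.IPv4Address(payload[16:20])),
            "dns": [str(ipaddress.IPv4Address(dns[j:j + 4]))
                    for j in range(0, len(dns) - 3, 4)]}


def build_reply(server: str, offered: str, dns: str, msg_type: int = 2) -> bytes:
    """Constructed sample reply for the demo; not captured traffic."""
    ip = lambda s: ipaddress.IPv4Address(s).packed
    # op/htype/hlen/hops, zeroed xid..ciaddr, yiaddr, siaddr, zeroed rest of header
    header = bytes([2, 1, 6, 0]) + bytes(12) + ip(offered) + ip(server) + bytes(212)
    opts = bytes([53, 1, msg_type, 54, 4]) + ip(server) + bytes([6, 4]) + ip(dns)
    return header + MAGIC_COOKIE + opts + b"\xff"
```

check_reply expects the UDP payload of a reply sent from port 67, for example as delivered by a capture on a monitoring host; a finding lists the unlisted server together with the address and DNS servers it handed out.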
 