DHCP does not always change IP's. Typically the "lease" is for 7 days (default for NT.) At 50% of the lease cycle the workstation renews it's lease with the original DHCP server. If this server is not able to be contacted it keeps trying every few hours (can't remember exact interval.) Then if the lease is not renewed at 90% of lease time, the client starts doing a broadcast bootp protocol message asking for any DHCP server to give it a lease. Even if this occurs and that IP has not been handed out by the new server, it "usually" gets the same IP. All the DHCP servers should be set to log to the NT event log so you know who got what by IP/MAC address association. Typical lease renewals go on without ever changing the IP address. IP address can change if for some reason a workstation is off for longer than the lease duration and a new workstation comes on line and gets that IP, this is where the logs come in handy.
If your scan reveals something, look in the DHCP server and see what machine has that IP address and for how long the lease has been established. If your scan is out of the timeframe of the scan, go to the NT event log and see who had it at that time. (of course this is assuming that your event log has not been filled up with some error information and the DHCP logging information has automatically deleted:-( )
Of course you could always force leases to MAC address's and not allow anyone to just "get" an IP address. This would have the benefits of allowing all the DNS/WINS/Gateway/mask and other changes that can be accomplished via DHCP but would add the step back in the process of requiring the user to contact IT or IS (whatever) and giving them their MAC address for the lease to be assigned. Then the user would basically have a static IP but you could change all the other info on the fly!
-----Original Message-----
From: Bridge, Jim [mailto:[EMAIL PROTECTED]]
Sent: Friday, January 14, 2000 9:52 AM
To: '[EMAIL PROTECTED]'
Cc: '[EMAIL PROTECTED]'
Subject: RE: DHCP and Internet Scanner
TO UNSUBSCRIBE: email "unsubscribe issforum" in the body of your message to
[EMAIL PROTECTED] Contact [EMAIL PROTECTED] for help with any problems!
----------------------------------------------------------------------------
I'll try to rephrase my concerns....If DHCP "scrambles" IP addresses--and
forgive my amateur status in this area--how can you remediate what IS finds?
The desktops have new IPs tomorrow. Do you need a MetaIP type solution in
this case?
-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
Sent: Friday, January 14, 2000 9:10 AM
To: [EMAIL PROTECTED]
Subject: RE: DHCP and Internet Scanner
Would you reword your concerns about Internet Scanner and DHCP. I believe I
may have similar concerns.
Thanks,
Arlan Goins
Audit Manager
Air Force Audit Agency
