Yep. Do your switches support DHCP Snooping? You can pretty much kill the problem if they have such a feature.
Thanks,
Brian Desmond
br...@briandesmond.com

c – 312.731.3132

> -----Original Message-----
> From: Kurt Buff [mailto:kurt.b...@gmail.com]
> Sent: Sunday, February 21, 2010 5:11 PM
> To: NT System Admin Issues
> Subject: Re: DHCP in Win2k3 R2 domain
>
> Yes, but it seems a bit shortsighted in the face of what I've had to deal with - on at least two occasions I've had people drag personal (linksys, dlink) firewalls/routers into work because they "needed" them, and really screwed with one of my subnets.
>
> This was back when we were on NT4, and it was not on the subnet with the servers, so it didn't DoS the entire office, just that subnet, but still...
>
> Kurt
>
> On Sun, Feb 21, 2010 at 14:31, Brian Desmond <br...@briandesmond.com> wrote:
> > The converse to the DHCP detection stuff is that if any Windows box comes up in the domain with DHCP installed, DHCP won't actually start until someone with (by default) Enterprise Admin privs "authorizes" it.
> >
> > Thanks,
> > Brian Desmond
> > br...@briandesmond.com
> >
> > c – 312.731.3132
> >
> >> -----Original Message-----
> >> From: Kurt Buff [mailto:kurt.b...@gmail.com]
> >> Sent: Sunday, February 21, 2010 3:57 PM
> >> To: NT System Admin Issues
> >> Subject: Re: DHCP in Win2k3 R2 domain
> >>
> >> On Sun, Feb 21, 2010 at 13:11, Michael B. Smith <mich...@smithcons.com> wrote:
> >> > There is no intrinsic reason for DHCP to be based on Windows.
> >>
> >> No "technical" reason then. As I suspected.
> >>
> >> > There are some "ease of admin" features that I think are nice - such as when you build the subnet the wizard prompts you for the site-aware DNS and WINS server and the automatic DNS and rDNS registrations.
> >>
> >> Explain that a bit more? Doesn't the setting in WinXP (which is what we're on) also handle that if set manually during OS installation?
> >>
> >> > But any "modern" (i.e., the last 15 years) DHCP server knows about WINS and NBNS node types, etc. etc.
> >>
> >> Right.
> >>
> >> > If DHCP on Windows detects another DHCP server, it'll automatically shut itself down to avoid fighting for control.
> >>
> >> That I didn't know. I'm not sure I like that.
> >>
> >> > I prefer running DHCP on Windows - especially in branch offices, I can go one place and control everything and see everything.
> >>
> >> And it makes monitoring easier, too. From a security standpoint, this is a win - knowing if new MAC addresses are picking up IP addresses out of the pool is a good thing, and while it's possible to do this with the Linux DHCP server (even easy, if your scripting skills are good) it's just one more place to look.
> >>
> >> This is something to consider.
> >>
> >> Thanks,
> >>
> >> Kurt
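
The problem raised in this thread, an unsanctioned DHCP server answering clients on a subnet, can also be watched for from a monitoring host. The Python below is an added example, not part of the original messages: it parses DHCP server replies and flags any whose server identifier (option 54) is not on an allowlist. The address 10.0.0.10, the function names and the sample packets are assumptions constructed for illustration.

```python
import socket
import struct

MAGIC_COOKIE = b"\x63\x82\x53\x63"   # precedes the options field (RFC 2131)
SERVER_TYPES = {b"\x02": "OFFER", b"\x05": "ACK", b"\x06": "NAK"}  # option 53
AUTHORIZED = {"10.0.0.10"}           # assumption: the one sanctioned DHCP server

def parse_options(payload):
    """Return {code: value} for the options in a DHCP UDP payload."""
    if len(payload) < 240 or payload[236:240] != MAGIC_COOKIE:
        raise ValueError("not a DHCP message")
    opts, i = {}, 240
    while i < len(payload) and payload[i] != 255:   # 255 = end option
        if payload[i] == 0:                         # 0 = pad, no length byte
            i += 1
            continue
        if i + 1 >= len(payload):
            raise ValueError("truncated option")
        length = payload[i + 1]
        value = payload[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError("truncated option")
        opts[payload[i]] = value
        i += 2 + length
    return opts

def check_reply(payload, authorized=AUTHORIZED):
    """Return an alert string for a server message from an unlisted server, else None."""
    opts = parse_options(payload)
    mtype = SERVER_TYPES.get(opts.get(53, b""))
    if payload[0] != 2 or mtype is None:            # op 2 = BOOTREPLY
        return None
    sid = opts.get(54, b"")                         # option 54 = server identifier
    server = socket.inet_ntoa(sid) if len(sid) == 4 else "unknown"
    if server in authorized:
        return None
    mac = payload[28:28 + min(payload[2], 16)].hex(":")  # chaddr, hlen bytes
    return f"rogue DHCP {mtype} from {server} to client {mac}"

def build_sample(msg_type, server_ip, mac="001122334455"):
    """Constructed sample reply for the demo, not captured traffic."""
    hdr = struct.pack("!BBBBIHH4s4s4s4s16s64s128s", 2, 1, 6, 0, 0x1234, 0, 0,
                      bytes(4), socket.inet_aton("192.168.1.100"), bytes(4),
                      bytes(4), bytes.fromhex(mac), b"", b"")
    opts = bytes([53, 1, msg_type, 54, 4]) + socket.inet_aton(server_ip) + b"\xff"
    return hdr + MAGIC_COOKIE + opts

if __name__ == "__main__":
    for ip in ("10.0.0.10", "192.168.1.1"):
        print(ip, "->", check_reply(build_sample(2, ip)))
```

Option 54 is reported by the server itself, so this catches the accidental case described in the thread (a consumer router plugged into the LAN); DHCP snooping on the switch instead drops server replies arriving on untrusted ports.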