Securing DHCP

By Desktop Jinx
Is there a way to secure DHCP, i.e. respond only to DHCP requests from known hosts?

My Win2000 DHCP server gets requests from rogue devices connected to our network. Right now I have someone prowling DHCP daily and creating reservations for these rogues with a bad router address and bad DNS information so they can't get far, but this is chickenpoop security. I want to simply deny/ignore the rogues' request for an IP address.

Securing DHCP

by Joseph Moore In reply to Securing DHCP

Well, I found a Technet article that might work for you. Custom DHCP Client Identifiers for Windows NT (Q172408):
http://support.microsoft.com/search/preview.aspx?scid=kb;en-us;Q172408
(please remove any spaces)

It says that you can edit the Registry on all Windows DHCP clients, adding a record to the DHCPRequest packet that includes a machine identifier.
On the DHCP server, it will assign this specific machine to a specific IP address, and always assign the IP to the machine.
So, what I guess you could do is set up all of your DHCP clients with this Registry hack, then have them all release/renew, to get their addresses assigned and marked as theirs, then modify your DHCP scope to ONLY include these IP addresses.
This way, the DHCP server will ONLY assign IP address 10.1.1.25 to machine MYWORKSTATION, not to just anyone issuing out a DHCP request.
This might help in your situation. I have never tried this, so I can't vouch for how well it works.
Give it a shot!

hope this helps

Securing DHCP

by Desktop Jinx In reply to Securing DHCP

This defeats the purpose of DHCP. I'm better off assigning static addresses directly to my known workstations and turning DHCP off. Indeed, that's the environment from which we've come.

Securing DHCP

by curlergirl In reply to Securing DHCP

Are these rogues internal or external? If they're external, you need to make sure that your router/firewall/proxy server is filtering out DHCP requests from external devices (I believe this is UDP port 6. If they're internal, then the previous answer would seem to take care of it - except for the question as to why these devices are even being allowed to be connected to your network. Hope this helps!

Securing DHCP

by Desktop Jinx In reply to Securing DHCP

The rogues are internal. Users bring their personal notebooks and jack in. Departments contract directly with vendors to install equipment which includes PC components and they jack in. Policy of course forbids this, but no one outside the department takes it seriously.

Securing DHCP

by Rojiru In reply to Securing DHCP

I believe that you can deny/reject dhcp requests based upon the MAC address of a nic. You should be able to find the info in the dhcp leases log file.

G'Day,
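
The lease log check mentioned in the last reply, as an added example that is not part of the original thread: a Python script that reads DHCP server audit log lines and lists the MAC addresses that are not on a known-host list. The comma-separated log layout, the lease event IDs, the sample lines and the allowlist are all constructed assumptions.

```python
import csv
import io

# Constructed allowlist of known hosts' MAC addresses (assumption, not from the thread).
KNOWN_MACS = {"00A0C9112233", "0050DA445566"}

# Constructed sample lines in an assumed audit log layout:
# ID,Date,Time,Description,IP Address,Host Name,MAC Address
SAMPLE_LOG = """\
ID,Date,Time,Description,IP Address,Host Name,MAC Address
00,06/12/03,00:00:05,Started,,,
10,06/12/03,08:01:17,Assign,10.1.1.25,MYWORKSTATION,00A0C9112233
10,06/12/03,09:14:22,Assign,10.1.1.57,NOTEBOOK7,00-02-2D-AA-BB-CC
11,06/12/03,13:14:22,Renew,10.1.1.57,NOTEBOOK7,00022DAABBCC
11,06/12/03,14:30:00,Renew,10.1.1.31,FRONTDESK,0050da445566
10,06/12/03,15:02:41,Assign,10.1.1.60,,00E018DDEEFF
"""

LEASE_EVENTS = {"10", "11"}  # assumed IDs: 10 = new lease, 11 = renewal


def normalize_mac(raw):
    """Strip separators and upper-case so all notations compare equal."""
    return "".join(c for c in raw if c.isalnum()).upper()


def find_rogues(log_text, known_macs):
    """Return {mac: {"ips", "hosts", "first_seen"}} for MACs not in known_macs."""
    known = {normalize_mac(m) for m in known_macs}
    rogues = {}
    for row in csv.reader(io.StringIO(log_text)):
        if len(row) < 7 or row[0].strip() not in LEASE_EVENTS:
            continue  # header, service start/stop events, malformed lines
        mac = normalize_mac(row[6])
        if len(mac) != 12 or mac in known:
            continue
        entry = rogues.setdefault(
            mac, {"ips": set(), "hosts": set(), "first_seen": f"{row[1]} {row[2]}"}
        )
        entry["ips"].add(row[4])
        if row[5]:
            entry["hosts"].add(row[5])
    return rogues


if __name__ == "__main__":
    for mac, info in find_rogues(SAMPLE_LOG, KNOWN_MACS).items():
        print(mac, sorted(info["ips"]), sorted(info["hosts"]), info["first_seen"])
```

A MAC address is set by the client and can be changed, so a list like this identifies devices to follow up on rather than proving which machine made the request.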
