Thanks for all the replies. I can see now that my first thought on it was correct, i.e. that the DHCP process takes place first and below the domain radar, so to speak. I was trying to work out whether there was any 'MS' way of preventing this. I can see that using the switch-based solution might be good and I will check out Oliver's suggestion too.

Further to this, how does spoofing the MAC address affect the whole leasing process? Especially if there is already a card with the same MAC on the subnet?

Regards
Murad Talukdar

-----Original Message-----
From: Oliver Schneider [mailto:[EMAIL PROTECTED]]
Sent: Thursday, December 22, 2005 1:19 AM
To: Murad Talukdar
Subject: Re: prevent DHCP server giving out leases to non-domain machines?

Security Focus admins usually refuse my mails for whatever reason, so I reply directly. You can forward this to the mailing list!

I've written a DHCP extension DLL which was tested on Windows 2000 and takes a configuration file similar to the one Apache uses. The older version is available from my website and was implemented in Delphi:
http://assarbad.net/stuff/!export/mackerer.rar

A newer version with the Apache-like conf file is still on my hard drive, has been in use in our Server/Client environment for almost 2 years now and has proven stable. However, both were implemented for Windows 2000 and I need to check compatibility with Windows 2003.

Cheers,
Oliver

> --- Original Message ---
> From: Murad Talukdar <[EMAIL PROTECTED]>
> To: [email protected]
> Subject: prevent DHCP server giving out leases to non-domain machines?
> Date: Wed, 21 Dec 2005 11:59:33 +1000
>
> Hi,
> Is there a way to stop a W2003 DHCP server from giving out leases for IPs
> if a machine does not belong to the domain?
> Or is this a fruitless question that someone simply needs to point out
> something very simple to me.
>
> A machine can't join the domain if it doesn't have an IP first (chicken and
> egg type thing). I can see that, but obviously I'm missing something
> here; perhaps it's a question of layers, the domain is working at a 'higher'
> layer?
> Kind Regards
> Murad Talukdar

---------------------------------------------------
May the source be with you, stranger ;)

ICQ: #281645
URL: http://assarbad.net
