Back To Basics: Windows 2000 Rogue DHCP Server Detection?

By ServerWatch Staff (Send Email)
Posted Oct 8, 2000


Thomas Shinder

The Dynamic Host Configuration Protocol is one of the unsung hero's of the network administrator. Without the help of DHCP and DHCP Servers, we would be thrust into a life of constant battle against entropy of our IP addressing scheme. We would live the listless life of an inventory specialist, continuously having to record and record IP addresses for the machines on our network.

The Dynamic Host Configuration Protocol is one of the unsung heros of the network administrator. Without the help of DHCP and DHCP Servers, we would be thrust into a life of constant battle against entropy of our IP addressing scheme. We would live the listless life of an inventory specialist, continuously having to record and record IP addresses for the machines on our network.

However, the DHCP Server now does all the work for us. All we have to do is install the Windows 2000 DHCP Server, configure scopes and DHCP Options, and away we go. No muss, no fuss, and almost all the time, things work very nicely. The only chink is the armor is the broadcast nature of DHCP Client/Server communications. And although this provides one of its greatest strengths, it also creates one of its greatest weaknesses.

The Mysterious Network Glitch

As an experienced network administrator, you probably have had the experience of having someone "try out" a new DHCP Server on your production network. You probably also had to spend many long hours trying to figure out what the problem was after the "surprise" DHCP Server was brought online.

The core of the problem is that DHCP messages are broadcast messages, and any DHCP Server that hears the broadcast can respond to the DHCPDISCOVER message from a DHCP Client. Since any and all DHCP Servers within broadcast range of the DHCP client can respond to DHCP requests, if an unauthorized DCHP Server answers the request, there's a good chance that the information the DCHP Client receives from it will not be valid.

Page 1 of 3


Comment and Contribute

Your name/nickname

Your email

(Maximum characters: 1200). You have characters left.