GuidesBack To Basics: Windows 2000 Rogue DHCP Server Detection? Page 2

Back To Basics: Windows 2000 Rogue DHCP Server Detection? Page 2




Thomas Shinder

We call such an unauthorized DHCP Server a Rogue DHCP
Server
. Rogue DHCP servers will likely assign inaccurate IP addressing
information to DHCP clients, and in the process disrupt network communications
for these hapless DHCP clients.

Windows 2000 networks running only Windows 2000
DHCP servers can recognize and shut down rogue DHCP servers by keeping a list of
authorized DHCP servers in the Active Directory. Authorized Windows 2000
DCHP Servers in the same broadcast domain will shut down any Windows 2000 DCHP
Server that is not authorized in the Active Directory.

Rogue DHCP Server detection is very cool. However, it is
severely limited in its efficacy because only Windows 2000 DHCP servers can
detect rogue DHCP servers, and the rogue DHCP server must also be a
Windows 2000 DHCP Server. If someone were to introduce a Windows NT 4.0 or SCO
DCHP Server onto the network, the authorized Windows 2000 DCHP Servers on the
network would not shut down that DHCP Server.

How Rogue DHCP Server Detection Works

When a Windows 2000 DHCP server boots up, it broadcasts a
DHCPINFORM message to the local segment. The DHCPINFORM message contains Windows
2000 vendor-specific option codes that are interpreted by Windows 2000 DHCP
Servers. These vendor option types allow the Windows 2000 DHCP server to obtain
information about the network from other Windows 2000 DHCP servers on the
segment. Most specifically, they are able to obtain information about servers
that are authorized in the Active Directory.

The DCHPINFORM message includes a query asking about the
name and location of an Active Directory domain controller. All Windows 2000
DHCP Servers will reply with this information via a DHCPACK message. If DHCP
Servers from multiple domain are included on the same segment, then the
requesting machine will obtain information about domain controllers in each of
these domains.

After the DHCP Server obtains the information about the
location of a domain controller, it will query the Active Directory for the list
of authorized DHCP servers. If the querying DHCP Server’s IP address is on the
list, it will successfully initialize its DHCP Server service. If not, DHCP
server service will not initialize and will not be able to function as a DHCP
Server.

Latest Posts

Related Stories