Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Focus-Microsoft
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

RE: prevent DHCP server giving out leases to non-domain machines?

from [Slawek] Network Security [Permanent Link]
Subject: RE: prevent DHCP server giving out leases to non-domain machines?
Date: Wed, 21 Dec 2005 11:15:56 -0600 (GMT-06:00) 
There are DHCP products that require authentication prior to giving out
a DHCP address and these can be linked to AD.  This can be setup to
require a user to authenticate before the first IP address is handed


You mean: a machine that has been issued a NAT-based IP at boot time loads a 
GUI and envokes an authentication based interface which a user must complet in 
order to obtain an Internet IP?

Otherwise, the products you speak of probably doesn't interface with AD at the 
boot time because DHCP leasing happens before AD authentication. In other 
words, the network traffic during DHCP negotiation does not correspond to "AD 
domain membership". Instead, the DHCP Server software can probably lookup MAC 
address of the incoming request and check it against a database of *valid* MAC 
addresses. But these valid MACs dont necessarily mean that a DHCP request is 
coming from a particular machine, afterall, one can swap network cards in and 
out the computer or manually change the MAC address with software.
At some point in the past, Checkpoint was making a DHCP Server software which 
allowed you to build a dHCP database of IPs.

Slawek

-----Original Message-----

From: "Depp, Dennis M." <deppdm@ornl.gov>
Sent: Dec 21, 2005 8:45 AM
To: Murad Talukdar <talukdar_m@subway.com>, focus-ms@securityfocus.com
Subject: RE: prevent DHCP server giving out leases to non-domain machines?

There are DHCP products that require authentication prior to giving out
a DHCP address and these can be linked to AD.  This can be setup to
require a user to authenticate before the first IP address is handed
out.  During the renewals you might be able to use the Machine
authentication to renew an IP address.  

Dennis 

-----Original Message-----
From: Murad Talukdar [mailto:talukdar_m@subway.com] 
Sent: Tuesday, December 20, 2005 9:00 PM
To: focus-ms@securityfocus.com
Subject: prevent DHCP server giving out leases to non-domain machines?

Hi,
Is there a way to stop a W2003 DHCP server from giving out leases for
IP's
if a machine does not belong to the domain? 
Or is this a fruitless question that someone simply needs to point out
something very simple to me.

A machine can't join the domain if it doesn't have an IP first(chicken
and
egg type thing) I can see that but obviously I'm missing something
here-perhaps it's a question of layers-the domain is working at a
'higher'
layer?
Kind Regards
Murad Talukdar






------------------------------------------------------------------------
---
------------------------------------------------------------------------
---


---------------------------------------------------------------------------
---------------------------------------------------------------------------




________________________________________
PeoplePC Online
A better way to Internet
http://www.peoplepc.com

---------------------------------------------------------------------------
---------------------------------------------------------------------------
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  RE: prevent DHCP server giving out leases to non-domain machines?, Sean Warnock
Next by Date:  Re: prevent DHCP server giving out leases to non-domain machines?, James Eaton-Lee
Previous by Thread:  RE: prevent DHCP server giving out leases to non-domain machines?, Sean Warnock
Next by Thread:  RE: prevent DHCP server giving out leases to non-domain machines?, Murad Talukdar
Indexes:  [Date] [Thread] [Top] [All Lists]