  1. #1
    mrforgetful's Avatar

    Windows Server 2008 RC0

    So I downloaded it and installed loads of roles to have a look at, including:
    IIS
    DHCP (some random IP range not like the one we use)
    DNS
    File Server
    Print Server
    DC

    Obviously I didn't add it to the domain, but it did have a network cable plugged into the wall that was patched in.

    Next day, half a room couldn't log in.

    After half an hour of puzzlement looking at the ipconfig on one of the broken machines it hit me like a light bulb, that's the range the 2008 server can allocate!

    Promptly turned the 2008 server off, rebooted the PCs and all is well again.

    What strikes me as odd, though, is that a server that's not part of the domain was able to allocate IP addresses to my PCs.

    Thoughts?

  2. #2

    webman's Avatar

    Re: Windows Server 2008 RC0

    It doesn't matter if it's part of the domain or not.

    http://en.wikipedia.org/wiki/Dhcp_server#DHCP_discovery

  3. #3
    mrforgetful's Avatar

    Re: Windows Server 2008 RC0

    So basically I could walk into any network in any place with a DHCP Server on my laptop, plug into a working point and break their entire network?

  4. #4


    Re: Windows Server 2008 RC0

    The way I've always understood it is anything running DHCP will assign an IP to anything that asks regardless of domain. We have this issue in our boarding houses when kids bring in their broadband routers and plug in rather than a normal switch.

  5. #5


    Re: Windows Server 2008 RC0

    Could it have something to do with the lovely new feature in 2008 called 'Network Access Protection'?

    I'm quite interested in this but haven't had time to mess with it yet. There seem to be quite a few products coming out using similar stuff, including Sophos.

    DHCP Enforcement
    DHCP Enforcement comprises a DHCP NAP ES component and a DHCP NAP EC component. Using DHCP Enforcement, DHCP servers can enforce health policy requirements any time a computer attempts to lease or renew an IP address configuration on the network. DHCP Enforcement is the easiest enforcement to deploy because all DHCP client computers must lease IP addresses. Because DHCP Enforcement relies on entries in the IP routing table, it is the weakest form of limited network access in Network Access Protection.


    Might be wrong but I HOPE this is what it does.

  6. #6
    mrforgetful's Avatar

    Re: Windows Server 2008 RC0

    I wouldn't have thought so.

    Basically that is just when a computer does request an address, it is tested for settings to see if it meets requirements for AV, Firewall, Spyware etc etc.
    It is then either quarantined, or given access to updates to pass the tests etc.

    It's like what you can do with VPNs but on your network.

    I would say that's separate to my issue of IPs being dished out from servers which aren't part of my domain.

  7. #7


    Re: Windows Server 2008 RC0

    A DHCP server with free addresses will offer an IP address to any network adapter that requests one. The domain is irrelevant. The client sends a broadcast to discover DHCP servers; from the looks of it your 2008 server was the first to respond with an address offer.
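
One way to spot the situation described in this thread is to watch DHCP server replies and flag any whose server identifier (option 54) is not on an allowlist. This is an added example, not part of the original thread; the allowlisted address `10.0.0.2`, the function names and the sample packets are constructed assumptions.

```python
import ipaddress
import struct

MAGIC_COOKIE = b"\x63\x82\x53\x63"
AUTHORIZED_SERVERS = {"10.0.0.2"}  # assumption: the site's one real DHCP server

def parse_dhcp(payload):
    """Parse a BOOTP/DHCP UDP payload into a dict; None if malformed."""
    if len(payload) < 240 or payload[236:240] != MAGIC_COOKIE:
        return None
    mac = ":".join(f"{b:02x}" for b in payload[28:28 + min(payload[2], 16)])
    msg = {"op": payload[0], "client_mac": mac, "options": {},
           "yiaddr": str(ipaddress.IPv4Address(payload[16:20]))}
    opts, i = payload[240:], 0
    while i + 1 < len(opts) and opts[i] != 255:    # 255 = end option
        code, length = opts[i], opts[i + 1]
        if code == 0:                              # pad option: no length byte
            i += 1
            continue
        data = opts[i + 2:i + 2 + length]
        if len(data) != length:                    # truncated option
            return None
        msg["options"][code] = data
        i += 2 + length
    return msg

def rogue_replies(payloads, authorized=AUTHORIZED_SERVERS):
    """(server, client_mac, offered_ip) for each OFFER/ACK from an unlisted server."""
    findings = []
    for msg in filter(None, map(parse_dhcp, payloads)):
        mtype = (msg["options"].get(53) or b"\x00")[0]   # 2 = OFFER, 5 = ACK
        server = msg["options"].get(54, b"")             # server identifier
        if msg["op"] != 2 or mtype not in (2, 5) or len(server) != 4:
            continue                                     # op 2 = BOOTREPLY
        server_ip = str(ipaddress.IPv4Address(server))
        if server_ip not in authorized:
            findings.append((server_ip, msg["client_mac"], msg["yiaddr"]))
    return findings

def build_reply(mtype, server, offered, mac):
    """Constructed sample server reply for the demo (not captured traffic)."""
    ip = lambda a: ipaddress.IPv4Address(a).packed
    hdr = struct.pack("!BBBBIHH4s4s4s4s16s64s128s", 2, 1, 6, 0, 0x1234, 0, 0,
                      bytes(4), ip(offered), bytes(4), bytes(4),
                      bytes.fromhex(mac.replace(":", "")), b"", b"")
    return hdr + MAGIC_COOKIE + bytes([53, 1, mtype, 54, 4]) + ip(server) + b"\xff"

SAMPLE = [build_reply(2, "10.0.0.2", "10.0.0.50", "00:11:22:33:44:55"),
          build_reply(2, "192.168.1.1", "192.168.1.23", "00:11:22:33:44:66")]
```

Calling `rogue_replies(SAMPLE)` reports only the second reply, the one from the unlisted server; in practice the payloads would come from UDP port 67/68 traffic seen on a monitoring port.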

  8. #8
    mrforgetful's Avatar

    Re: Windows Server 2008 RC0

    Ok so I now understand that it's possible.

    Is there not a way to stop it? Is it only me who is slightly disturbed that anyone could come and screw up your entire system logging on with just a laptop?

  9. #9


    Re: Windows Server 2008 RC0

    Not even a laptop, any sort of tiny consumer router... we have a problem with students bringing down half the network accidentally way more often than it should.

  10. #10

    FN-GM's Avatar

    Re: Windows Server 2008 RC0

    You could use static IP addresses or reserved IP addresses for all devices & have no DHCP server. This would also reduce the risk of outsiders gaining access to the network.

  11. #11

    mattx's Avatar

    Re: Windows Server 2008 RC0

    I can't remember the order off the top of my head, but when a client is joining or logging on to a network, there is an order of events it does whilst doing so - example - checks NetBIOS name, then DNS, then DHCP, then WINS etc - there is more to it than that - I used to have a silly saying in my head to make me remember - all MS clients do it [ I think, well they did up to NT4 or 2000 ] - so if a client sees anything giving out IP addresses then it will go for it unless configured otherwise.
    If only I could remember the daft saying that used to remind me what the order was !!!

  12. #12
    ajbritton's Avatar

    Re: Windows Server 2008 RC0

    Quote Originally Posted by mrforgetful
        Ok so I now understand that it's possible.

        Is there not a way to stop it? Is it only me who is slightly disturbed that anyone could come and screw up your entire system logging on with just a laptop?

    If you really want to prevent this, one way would be to use switches that lock themselves to the MAC address of the connected device.

    Any ports that are not connected are deactivated automatically.

    If a student brought in a laptop and plugged it into an empty port, they would not be able to access the network (and therefore DHCP server would not be able to hand out IP addresses).

    If they unplugged a PC and plugged the laptop in, the switch would lock the port out as soon as it detected the new MAC address.

    In theory, the only way around this would be for the laptop to spoof the MAC address of the PC that was plugged in. Perfectly possible of course.


