Re: DHCP issues Subnet IP to computer on another domain
From: Roger Abell (mvpNOSpam_at_asu.edu)
Date: Sat, 11 Dec 2004 09:14:15 -0700
The machine has to be inside the perimeter, that is, within the
set of subnets to which the DHCP DORA broadcast messages
are allowed to route. If everything is now behind your ISA
then the machine is also.
-- Roger Abell Microsoft MVP (Windows Security) MCSE (W2k3,W2k,Nt4) MCDBA "Bill" <Bill@discussions.microsoft.com> wrote in message news:299106A9-423D-49FE-9526-5189F19E9065@microsoft.com... > For the past year our firewall has been managed by a third party, our ISP. > About 2 weeks ago, I looked at the DHCP clients that were being issued IP > addresses and noticed for a computer that is not on our domain and was in > fact on another domain. I deleted it and the next day found that the lease > had been renewed. Over the weekend I disconnected the third party firewall > and installed an ISA 2004 Server and deleted the computer from the the scope. > It has again renewed it's lease. We have several users that use RDP to > access our terminal server and we have an Exchange 2003 server with POP3. I > have checked and none of our users are logging in from a computer with this > particular name or from that domain. Have we been HACKED or is there another > explanation? > -- > Many thanks, > > Bill