Re: How to avoid router broadcast to windows clients?
From: Berni (btarillion_at_yahoo.com)
Date: 03/22/05
- Next message: Ron J: "RE: Startup Accounts"
- Previous message: Roger Abell: "Re: Service Pack 2"
- In reply to: Steven L Umbach: "Re: How to avoid router broadcast to windows clients?"
- Next in thread: Steven L Umbach: "Re: How to avoid router broadcast to windows clients?"
- Reply: Steven L Umbach: "Re: How to avoid router broadcast to windows clients?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Tue, 22 Mar 2005 09:19:35 +0100
Thanks Steven for the feedback.
Unfortunetyl I don't know the configuration of the DSL router that was
attached to our LAN, the strange thing is that the IP has remain from our
official DHCP server, only the Gateway was changed...
Best regards,
Berni
"Steven L Umbach" <n9rou@nospam-comcast.net> wrote in message
news:uRg4yZlLFHA.3928@TK2MSFTNGP09.phx.gbl...
> You might also want to post your question in one of the Microsoft
> networking newsgroups such as for win2000 or server. What could have
> happened is that your computers were responding to the DHCP server built
> into the NAT router. An Ipconfig /all could confirm that or not. According
> to the link below router discovery protocol is disabled by default in at
> least Windows 2000. Either way it is a bad situation and at minimum you
> should have a computer/network user policy that prohibits such activity
> with defined consequences and signed by all users with the signed copy in
> their file. In my opinion something like this should warrant at least a
> three day work/school suspension. If this was a wireless device it could
> also expose your network to the world.
>
> Technical solutions could be filtering at your switches. Many managed
> switches can block port access by not allowing unauthorized mac addresses
> to access the port. Mac filtering can be spoofed by determined users but
> that should call for termination. 802.1X switch access can be much more
> effective that mac filtering but it also has some vulnerabilities and is
> much more difficult to configure in that it requires the use of compatible
> operating systems, A Certificate Authority on the network to issue all
> computers certificates, and the use of IAS for computer authentication.
> Ipsec normally is a good strategy to protect network resources but ipsec
> currently can not effectively control DHCP traffic since it is mostly
> broadcast based. --- Steve
>
>
> http://support.microsoft.com/default.aspx?scid=kb;en-us;269734
>
> "Berni" <btarillion@yahoo.com> wrote in message
> news:OU%23$GDfLFHA.2252@TK2MSFTNGP15.phx.gbl...
>> Hi all,
>> Last week we had somebody at our LAN plugging an ADSL router configured
>> with Ip address 192.168.1.1 and RIP v1
>> , of course the router started to broadcast it's presence ...
>> Most if not all Workstations accepted the broadcast and took 192.168.1.1
>> as their GW instead of the DHCP supplied one even the one with SP2 FW ..
>> Needless to say that it was a chaos .
>> Is this a normal behaviour ? ( 192.168.1.1 is Not in the subnet of the
>> Lan interface of the PC !)
>>
>> what can I do to avoid that in the future ?
>>
>> Thanks in advance for any ideas / feedbacks.
>>
>> Best regards,
>>
>> Berni
>>
>>
>
>
- Next message: Ron J: "RE: Startup Accounts"
- Previous message: Roger Abell: "Re: Service Pack 2"
- In reply to: Steven L Umbach: "Re: How to avoid router broadcast to windows clients?"
- Next in thread: Steven L Umbach: "Re: How to avoid router broadcast to windows clients?"
- Reply: Steven L Umbach: "Re: How to avoid router broadcast to windows clients?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
