Page 3 of 3
Results 21 to 22 of 22

Thread: Reg: DHCP Server Advantages / Disadvantages

  1. #21
    Join Date
    Mar 2009
    Beans
    1,982

    Re: Reg: DHCP Server Advantages / Disadvantages

    One thing we used to do with miscreants is give them a static IP with the DHCP server. They went into a separate VLAN (cable switch) and then we gave them a static address in the DHCP config.

    Some people give every host a static IP. That gives you both a MAC address and an IP address, and you get quick easy lookups.

    Setting up each MAC address for your 'normal' work VLANs is a pain in the rear, but doing so gives you the ability to track all sorts of things based on MAC address, and setting static IPs makes it easy to map that to an IP address. I did it for a while and then just used grep on the dhcp config file to figure out who was who. It gets hard to manage though.

    You'll want to disable normal domain users from network configuration on their machines, and you'll want to disable unknown network cards in most places.

    You'll want to monitor unknowns coming in on your wireless; if you get the same one day after day, it might be somebody's phone hitting Facebook. We had our DNS cheat on the facebook.com domain, sending it to a "you better be working" page that printed the IP address, MAC address and domain name. You have been logged.

    The whole point of DHCP is that you, sitting at your desk in the IT department, can change network configuration on almost any device on the network. If you have really reliable servers you could make that most of the servers too, and the switches too.

    The ultimate part of that is to use network boot images on all your basic desktop images. That makes it so you can make changes to your test box, save them to the net boot image and then in the morning EVERYONE who uses that image gets the same config change. It takes a bit to set up but it's well mapped ground. You can have several images for different departments or types of use. I'm a big fan of it but I've never done it in a real world scenario. The guy who took over after me did, and I was a bit jealous.

    The problem with that is you need a bunch of the same type of workstation. Same basic CPU, roughly the same memory, same type of drives, same monitor resolution, same network card...

  2. #22
    Join Date
    Nov 2008
    Location
    Boston MetroWest
    Beans
    16,326

    Re: Reg: DHCP Server Advantages / Disadvantages

    But tell me how do we identify the culprits in a DHCP environment? For example, if somebody has done something wrong which violates the company policy and their IP address is traced, using that IP address we cannot be sure of figuring out the user who breached the company policy, as the IP will get renewed in the given lease period.

    There's really no need to have short lease periods on subnets where there are more addresses available than hosts. If you don't need to recycle addresses, just use long lease periods to create pseudo-static addresses. You can, of course, create static reservations for specific MAC addresses, but that's more work than using thirty- or ninety-day, or even longer leases.

    Moreover, Windows clients request the same IP address when their leases expire. If the server has not already reassigned the address, they'll get the one they had before. I don't know how dhclient on Linux handles this, though. Still, if you use long leases, there won't be much of a problem.
    Last edited by SeijiSensei; August 22nd, 2013 at 03:31 PM.
    If you ask for help, do not abandon your request. Please have the courtesy to check for responses and thank the people who helped you.

    Blog · Linode System Administration Guides · Android Apps for Ubuntu Users
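
Tracing an IP address back to the machine that held it at a given time, the question raised in the post above, comes down to reading the DHCP server's lease records. The following is an added example, not code from the thread; it assumes ISC dhcpd and its dhcpd.leases format, and the sample leases, addresses and hostname are constructed.

```python
import re
from datetime import datetime, timezone

# Constructed sample in ISC dhcpd.leases format (lease times are UTC).
SAMPLE_LEASES = '''
lease 10.0.20.57 {
  starts 2 2013/08/20 08:01:12;
  ends 2 2013/08/20 20:01:12;
  binding state free;
  hardware ethernet 00:16:3E:AA:BB:01;
  client-hostname "desk-acct-04";
}
lease 10.0.20.57 {
  starts 4 2013/08/22 13:45:00;
  ends 4 2013/08/22 15:45:00;
  binding state active;
  hardware ethernet 00:16:3e:cc:dd:02;
}
lease 10.0.20.58 {
  starts 4 2013/08/22 13:50:00;
  ends never;
  hardware ethernet 00:16:3e:ee:ff:03;
}
'''

LEASE_RE = re.compile(r"^lease\s+(\S+)\s*\{(.*?)\}", re.S | re.M)

def _ts(text):
    return datetime.strptime(text, "%Y/%m/%d %H:%M:%S").replace(tzinfo=timezone.utc)

def parse_leases(text):
    """Yield one record per lease block; the file is a log, so an IP can repeat."""
    for ip, body in LEASE_RE.findall(text):
        start = re.search(r"starts \d ([\d/]+ [\d:]+);", body)
        end = re.search(r"ends \d ([\d/]+ [\d:]+);", body)  # no match for "ends never;"
        mac = re.search(r"hardware ethernet ([0-9a-fA-F:]+);", body)
        host = re.search(r'client-hostname "([^"]*)";', body)
        if start and mac:
            yield {"ip": ip, "start": _ts(start.group(1)),
                   "end": _ts(end.group(1)) if end else None,
                   "mac": mac.group(1).lower(),
                   "host": host.group(1) if host else None}

def who_had(text, ip, when):
    """Return lease records for `ip` whose start <= when < end, in file order."""
    return [r for r in parse_leases(text)
            if r["ip"] == ip and r["start"] <= when
            and (r["end"] is None or when < r["end"])]

if __name__ == "__main__":
    t = datetime(2013, 8, 22, 14, 30, tzinfo=timezone.utc)
    print(who_had(SAMPLE_LEASES, "10.0.20.57", t))
```

dhcpd periodically rewrites this file and keeps only the latest entry per address, so attribution further back in time needs archived copies of the file or the server's syslog.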
