Technical Lab Analysis: ISC DHCP by jcannon on July 26, 2006 01:37AM

In addition to technical tips, blogs and video interviews, the Open Source Software Lab at Microsoft conducts a number of technical analysis and research projects throughout the year to help inform and solve key interoperability challenges between Microsoft and open source technologies. Since our launch, we've been working on a number of projects, the first of which we would like to share today.

Abstract:
The Open Source Software Lab at Microsoft is a key advocate within Microsoft for interoperability with Open Source technologies.  In order to drive discussions and engineering plans around interoperability, we need to initially build a core knowledge base in the particular technology which we can share with product and field teams.

This paper is the first in a four-part series on Linux networking technologies: DHCP, IPSEC/VPN, RADIUS, and DNS.

The capabilities of a leading Open Source DHCP software package, ISC DHCP Server, are the focus of this document. The analysis concentrates on the manageability aspects of the ISC DHCP server and provides an overview from the point of view of the Open Source Software Lab, where the DHCP Server was installed, configured and tested. The intent of the document is to pass on the hands-on experience gained from that installation, configuration and testing.

Download the Networking Roles Analysis Paper: ISC DHCP (PDF, 556KB)

Comments:
  1. fluke said:

    This guide is a nice start.  I look forward to seeing the next set of guides.

    "Rogue detect" is no longer available.  The Freshmeat page still exists but both of the links provided go to 404.  But since it is under the GPL, you can put up your own mirror of the package.

    A rogue DHCP server will usually cause ISC DHCPD to log entries as clients attempt to request a lease for the invalid IP.  It will appear as:

    dhcpd: DHCPREQUEST for 192.168.1.101 from 00:1a:2b:3c:4d:5f via 10.200.200.1: ignored (not authoritative).

    Note that in the example the 192.168.1.101 is the IP address of the *client* and not the IP address of the rogue dhcp server.

    You can also use snort to log rogue DHCP servers:

    var DHCP_SERVERS [10.200.200.5,10.200.250.8]
    alert udp !$DHCP_SERVERS 67 -> any 68 (msg:"Rogue DHCP server...";)

    The best method of addressing rogue DHCP servers is to block them at the switch, such as by using the Cisco DHCP snooping feature.

    I was expecting to see something in the guide about DHCP option 60 and option 43 such as:

    option space MSFT;
    option MSFT.DisableNetBIOS      code 1  = unsigned integer 32;
    option MSFT.ReleaseOnShutdown   code 2  = unsigned integer 32;
    option MSFT.DefaultRouteMetric  code 3  = unsigned integer 32;

    if substring (option vendor-class-identifier, 0, 4) = "MSFT" {
      vendor-option-space MSFT;
      option MSFT.DisableNetBIOS = 1;
    }

    Another interesting feature is being able to allow or deny "known clients" from different subnet pools.  This is the basis by which Southwestern University's NetReg system works.  It is available under the GPL from netreg.org.

    posted at 04:52PM 07/26/2006
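
Added example, not part of the original post or comment: a small Python script that scans dhcpd log lines of the form quoted in the comment above for "ignored (not authoritative)" requests and reports segments where several distinct clients ask for addresses outside the served subnets. The served subnets, the /24 bucketing, the `min_clients` threshold and the sample log lines are assumptions constructed for illustration.

```python
import ipaddress
import re
from collections import defaultdict

# Matches the log line format quoted in the comment above; an optional
# parenthesised field after the MAC is tolerated (assumption about log variants).
LINE_RE = re.compile(
    r"DHCPREQUEST for (?P<ip>\d+\.\d+\.\d+\.\d+) from (?P<mac>[0-9a-fA-F:]{17})"
    r"(?: \([^)]*\))? via (?P<via>\S+): ignored \(not authoritative\)"
)

def find_rogue_candidates(lines, served_networks, min_clients=2):
    """Return {(via, foreign /24): sorted MACs} for buckets with >= min_clients.

    A single client asking for a foreign address is usually a laptop trying to
    renew a lease from another network; several distinct clients on one segment
    asking for addresses in the same foreign range point to a rogue server.
    """
    served = [ipaddress.ip_network(n) for n in served_networks]
    buckets = defaultdict(set)
    for line in lines:
        m = LINE_RE.search(line)
        if not m:
            continue
        addr = ipaddress.ip_address(m["ip"])
        if any(addr in net for net in served):
            continue  # address is ours; not evidence of a foreign server
        # Bucketing by /24 is an assumption; the rogue's real prefix is unknown.
        foreign = ipaddress.ip_network(f"{addr}/24", strict=False)
        buckets[(m["via"], str(foreign))].add(m["mac"].lower())
    return {k: sorted(v) for k, v in buckets.items() if len(v) >= min_clients}

# Constructed sample log lines (hostnames, addresses and MACs are made up).
SAMPLE_LOG = """\
Jul 26 10:01:02 dh1 dhcpd: DHCPREQUEST for 192.168.1.101 from 00:1a:2b:3c:4d:5f via 10.200.200.1: ignored (not authoritative).
Jul 26 10:01:40 dh1 dhcpd: DHCPREQUEST for 192.168.1.102 from 00:1A:2B:3C:4D:60 via 10.200.200.1: ignored (not authoritative).
Jul 26 10:02:11 dh1 dhcpd: DHCPREQUEST for 192.168.1.101 from 00:1a:2b:3c:4d:5f via 10.200.200.1: ignored (not authoritative).
Jul 26 10:03:05 dh1 dhcpd: DHCPREQUEST for 172.16.9.20 from 00:1a:2b:3c:4d:61 via 10.200.250.1: ignored (not authoritative).
Jul 26 10:03:30 dh1 dhcpd: DHCPACK on 10.200.200.57 to 00:1a:2b:3c:4d:62 via 10.200.200.1
""".splitlines()

SERVED = ["10.200.200.0/24", "10.200.250.0/24"]  # hypothetical served subnets

if __name__ == "__main__":
    for (via, net), macs in find_rogue_candidates(SAMPLE_LOG, SERVED).items():
        print(f"possible rogue DHCP server handing out {net} behind {via}: {macs}")
```

As the comment notes, the logged address belongs to the client, so the report identifies the affected segment and the foreign range, not the rogue server itself.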