Steven
Tue Mar 22 23:10:39 CST 2005
That is strange unless router discovery protocol was enabled, which it should
not be by default. I have never been fortunate enough to experience it to
comment much beyond that except that I wish you luck in preventing future
problems. --- Steve
"Berni" <btarillion@yahoo.com> wrote in message
news:u5k9kfrLFHA.3760@TK2MSFTNGP12.phx.gbl...
> Thanks Steven for the feedback.
> Unfortunately, I don't know the configuration of the DSL router that was
> attached to our LAN. The strange thing is that the IP has remained from our
> official DHCP server, only the Gateway was changed...
>
> Best regards,
>
> Berni
>
> "Steven L Umbach" <n9rou@nospam-comcast.net> wrote in message
> news:uRg4yZlLFHA.3928@TK2MSFTNGP09.phx.gbl...
>> You might also want to post your question in one of the Microsoft
>> networking newsgroups such as for win2000 or server. What could have
>> happened is that your computers were responding to the DHCP server built
>> into the NAT router. An Ipconfig /all could confirm that or not.
>> According to the link below router discovery protocol is disabled by
>> default in at least Windows 2000. Either way it is a bad situation and at
>> minimum you should have a computer/network user policy that prohibits
>> such activity with defined consequences and signed by all users with the
>> signed copy in their file. In my opinion something like this should
>> warrant at least a three day work/school suspension. If this was a
>> wireless device it could also expose your network to the world.
>>
>> Technical solutions could be filtering at your switches. Many managed
>> switches can block port access by not allowing unauthorized MAC addresses
>> to access the port. MAC filtering can be spoofed by determined users but
>> that should call for termination. 802.1X switch access can be much more
>> effective than MAC filtering but it also has some vulnerabilities and is
>> much more difficult to configure in that it requires the use of
>> compatible operating systems, a Certificate Authority on the network to
>> issue all computers certificates, and the use of IAS for computer
>> authentication. IPsec normally is a good strategy to protect network
>> resources but IPsec currently cannot effectively control DHCP traffic
>> since it is mostly broadcast based. --- Steve
>>
>> http://support.microsoft.com/default.aspx?scid=kb;en-us;269734
>>
>> "Berni" <btarillion@yahoo.com> wrote in message
>> news:OU%23$GDfLFHA.2252@TK2MSFTNGP15.phx.gbl...
>>> Hi all,
>>> Last week we had somebody at our LAN plugging in an ADSL router configured
>>> with IP address 192.168.1.1 and RIP v1,
>>> of course the router started to broadcast its presence ...
>>> Most if not all workstations accepted the broadcast and took 192.168.1.1
>>> as their GW instead of the DHCP supplied one, even the one with SP2 FW ...
>>> Needless to say, it was chaos.
>>> Is this normal behaviour? (192.168.1.1 is not in the subnet of the
>>> LAN interface of the PC!)
>>>
>>> What can I do to avoid that in the future?
>>>
>>> Thanks in advance for any ideas / feedback.
>>>
>>> Best regards,
>>>
>>> Berni
>>>
>>>
>>
>>
>
>
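
Added example, not part of the original thread: a Python check over saved `ipconfig /all` output, following the suggestion above to confirm the DHCP server with `Ipconfig /all` and the observation that 192.168.1.1 was not in the LAN subnet. It flags adapters whose default gateway lies outside the interface subnet or whose DHCP server is not on an allowlist. The sample output, addresses and allowlist are constructed, and IPv4-only output is assumed.

```python
import ipaddress
import re

# Constructed sample of `ipconfig /all` output (not taken from the thread's hosts).
SAMPLE = """\
Ethernet adapter Local Area Connection:

        IP Address. . . . . . . . . . . . : 10.20.30.57
        Subnet Mask . . . . . . . . . . . : 255.255.255.0
        Default Gateway . . . . . . . . . : 192.168.1.1
        DHCP Server . . . . . . . . . . . : 10.20.30.2

Ethernet adapter Lab:

        IPv4 Address. . . . . . . . . . . : 10.20.30.58(Preferred)
        Subnet Mask . . . . . . . . . . . : 255.255.255.0
        Default Gateway . . . . . . . . . : 10.20.30.1
        DHCP Server . . . . . . . . . . . : 192.168.1.1
"""

FIELD = re.compile(r"^\s+([A-Za-z0-9 ]+?)[ .]*:\s*(\S+)")

def parse_adapters(text):
    """Split ipconfig output into {adapter name: {field: value}}."""
    adapters, current = {}, None
    for line in text.splitlines():
        if line and not line[0].isspace() and line.rstrip().endswith(":"):
            current = adapters.setdefault(line.rstrip(" :"), {})
        elif current is not None and (m := FIELD.match(line)):
            # Drop suffixes such as "(Preferred)" that newer Windows appends.
            current[m.group(1).strip()] = m.group(2).split("(")[0]
    return adapters

def audit(text, allowed_dhcp):
    """Return (adapter, finding) for off-subnet gateways and unknown DHCP servers."""
    findings = []
    for name, f in parse_adapters(text).items():
        ip = f.get("IP Address") or f.get("IPv4 Address")
        mask, gw, dhcp = f.get("Subnet Mask"), f.get("Default Gateway"), f.get("DHCP Server")
        if ip and mask and gw:
            net = ipaddress.ip_network(f"{ip}/{mask}", strict=False)
            if ipaddress.ip_address(gw) not in net:
                findings.append((name, f"gateway {gw} outside {net}"))
        if dhcp and dhcp not in allowed_dhcp:
            findings.append((name, f"unexpected DHCP server {dhcp}"))
    return findings

if __name__ == "__main__":
    for adapter, finding in audit(SAMPLE, allowed_dhcp={"10.20.30.2"}):
        print(f"{adapter}: {finding}")
```
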