Preventing Rogue DHCP Clients

By /


If you are using DHCP on your network and you want to prevent rogue clients from obtaining IP addresses from your DHCP server and participating on your network, your options are simple:



  1. Enforce rigorous physical security. If a hacker can get through the front door and connect a laptop to your network, they can do a lot worse stuff than steal an IP address!
  2. Use 802.1x or IPSec to secure your existing clients from rogue clients. This won’t prevent rogue clients from obtaining IP addresses however, just doing something useful with them.
  3. Use reservations for all your DHCP clients. In W2K3 you can use the getmac command to obtain the MAC address of a remote Windows machine if you know its IP address, and if you have a fairly small network you could write a script or batch file to run getmac for every IP address in each subnet.

About The Author

Mitch Tulloch is Senior Editor of both WServerNews and FitITproNews and is a widely recognized expert on Windows Server and cloud technologies. He has written more than a thousand articles and has authored or been series editor for over 50 books for Microsoft Press and other publishers. Mitch has also been a twelve-time recipient of the Microsoft Most Valuable Professional (MVP) award in the technical category of Cloud and Datacenter Management. He currently runs an IT content development business in Winnipeg, Canada.

Read Next

Leave a Comment

Your email address will not be published. Required fields are marked *

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Scroll to Top