I'm not a huge expert on all of this, but here are a couple of thoughts... Unless you're monitoring IP/MAC addresses to try and detect spoofing, knowing a machine's IP address is already useless from a security POV. Even then, MAC addresses can be spoofed. Given that, DHCP can't really make things much worse :) Another problem is that ISTR some mis-configured Win2K boxes run a DHCP server by default, and some mis-configured students will doubtless enjoy bringing rogue servers onto your network. You should make sure to look out for any unauthorised DHCP-offer packets floating around. Similarly, students could potentially use a rogue DHCP server as the first stage in an attack against another machine. This would be a lot of work, though - anyone smart enough to do this is probably wouldn't need to change their marks on the exam :) - Andrew Sayers
Attachment:
pgpwDbtRGiAIp.pgp
Description: PGP signature