I'm not a huge expert on all of this, but here are a couple of
thoughts...
Unless you're monitoring IP/MAC addresses to try and detect
spoofing, knowing a machine's IP address is already useless from a
security POV. Even then, MAC addresses can be spoofed. Given that,
DHCP can't really make things much worse :)
Another problem is that ISTR some mis-configured Win2K boxes run a DHCP
server by default, and some mis-configured students will doubtless enjoy
bringing rogue servers onto your network. You should make sure to look
out for any unauthorised DHCP-offer packets floating around.
Similarly, students could potentially use a rogue DHCP server as the
first stage in an attack against another machine. This would be a lot
of work, though - anyone smart enough to do this is probably wouldn't
need to change their marks on the exam :)
- Andrew Sayers
Attachment:
pgpwDbtRGiAIp.pgp
Description: PGP signature