Consider the following scenario. You run the Configure Your Server Wizard on a
Windows Server 2003-based or Windows Small Business Server 2003 (Windows
SBS)-based computer. The network trace shows that the DHCP Discovery process occurs unexpectedly. This
process uses a media access control (MAC) address that is unrelated to the
addresses of the
physical network adapters in the computer.
In
addition, the packet that is received contains a domain that is named "DETECTIVE." This DETECTIVE domain appears in
the DHCP table. This domain does not exist in the network to which the server
is connected.
Back to the top
This behavior occurs because the server sends a Dynamic Host Configuration
Protocol (DHCP) INFORM message to the network. This DHCP INFORM message
contains a MAC address that is unrelated to the addresses to which the physical
network adapters are assigned. The
packets are
expected.
Therefore, the packets are
not seen
as
malicious.
Back to the top
This is a feature of the Configure Your Server Wizard. The Configure Your
Server Wizard checks whether
a DHCP server exists. The Configure Your Server Wizard does not perform this check if
the server is running Routing and Remote Access, a Domain Name System (DNS)
server, or a DHCP server. When the server is behind a firewall, the firewall
may drop the packets that are sent to the server until a timer expires on the
firewall side. When
the packets are dropped, a
short absence of network traffic
occurs.
Back to the top