Rouge dhcp server on WAN

itpp21

Hello, I have an unwanted (rouge) dhcp server on the WAN side, the ISP is not doing anything about it and I am looking for a way to block this server. (Netgate SG-5100)

Gertjan

@itpp21 : just stop to interact with it ?

Check the advanced DHCP client option :

where you will find :

itpp21

@gertjan Tried that already but it does not stop the requests, eventually it does a 255.255.255.255 and the proper dhcp server replies, 12 hours later the show starts again. I would like to block this server completely from the WAN if possible.

Gertjan

@itpp21 said in Rouge dhcp server on WAN:

it does not stop the requests

The client makes the requests == DHCPDISCOVER and the rogue DHCP might answer with a IP and network : up to you to refuse that network ( IP ).

itpp21

@gertjan I understand what it does but it would be nice if you could block them completely on the WAN side, can you or anyone else confirm if this is possible or not?

Gertjan

By RFC the DHCP client is broadcasting. So any server type that can receive the answer can also reply.
The real solution would be : kill this rogue device.
Or have it killed, as only your ISP is (should !) capable of controlling your WAN network.

itpp21

I agree the ISP should take action (unless this is part of a lawfull interception package) but I can't see them do anything, they haven't even acknowledged they are causing a potential problem.

itpp21

See solution:
https://forum.netgate.com/topic/141362/dhcp-client-unable-to-get-lease-from-cable-provider-solved/4?_=1614433865506