Navigation

    Netgate Discussion Forum
    • Register
    • Login
    • Search
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search

    Dhcdrop - tool to search and suppression of third-party DHCP-server

    DHCP and DNS
    2
    2
    1882
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • werter
      werter last edited by

      I found very nice tool to search and suppression of third-party DHCP-server in lan (http://www.netpatch.ru/dhcdrop.html (use google translate))
      Who can make a package with GUI for pfsense ?

      P.s. Detailed description of the installation and startup  (http://forum.nodeny.com.ua/index.php?topic=12.15 post from Gray) :

      Set dhcdrop:
      cd / usr / ports / net-mgmt / dhcdrop
      make install clean

      Configuring automatic startup:
      ee / usr / local / etc / rc.d / dhcdrop.sh

      Insert the following script provided by Andrey Zentavr - rights, to their needs

      #! / usr / local / bin / bash

      (C) 2009, Andrey Zentavr

      To use this software, please install port from / usr / ports / net-mgmt / dhcdrop

      Or download port tarball from http://www.freebsd.org/cgi/cvsweb.cgi/ports/net-mgmt/dhcdrop/dhcdrop.tar.gz?tarball=1

      And unpack it into / usr / ports / net-mgmt / dhcdrop

      Legal DHCP Serverz, space separated mac address

      LEGAL_SERVERS = "00:15:17: b8: f9: 1e 00:15:17: b8: f9: 1f 00:1 b: 21:21:83: d5"

      Gw1: em0 vlan *** gw1: em1 nodeny: em0

      DROPPER = "/ usr / local / sbin / dhcdrop"
      IFNAME = "em0 vlan10 vlan30" # Interfaces on our Router, space separated
      PARAMS = "-t-m 3"

      Lets Go!

      Legal params

      for mac in $ {LEGAL_SERVERS}; do
          LMAC = "$ {LMAC}-l $ {mac}"
      done

      echo $ {LMAC}

      Discovering on every interface

      for IF in $ {IFNAME}; do
         echo "Processing interface $ {IF}"
         # Test to any DHCP-Server
         $ {DROPPER}-i $ {IF} $ {LMAC} $ {PARAMS}
       
         # Check for status 200
         if [$? = 200]; then
             echo "Illegal server found on $ {IF}! Dropping him!"
             $ {DROPPER}-i $ {IF} $ {LMAC}-y
         else
             echo "Illegal server not found on $ {IF}."
         fi
      done

      echo "All done"

      Set the right to read:
      chmod 500 / usr / local / etc / rc.d / dhcdrop.sh

      Put this in the crontab for the periodic system start-up, in this example, every 30 minutes
      ee / etc / crontab
      0,30 **** / usr / local / etc / rc.d / dhcdrop.sh # dhcdrop - a means to locate and suppress third-party DHCP-server

      1 Reply Last reply Reply Quote 0
      • marcelloc
        marcelloc last edited by

        take a look on https://github.com/bsdperimeter/pfsense-packages

        ipguard is a small package that you can base yours.

        Treinamentos de Elite: http://sys-squad.com

        Help a community developer! ;D

        1 Reply Last reply Reply Quote 0
        • First post
          Last post

        Products

        • Platform Overview
        • TNSR
        • pfSense
        • Appliances

        Services

        • Training
        • Professional Services

        Support

        • Subscription Plans
        • Contact Support
        • Product Lifecycle
        • Documentation

        News

        • Media Coverage
        • Press
        • Events

        Resources

        • Blog
        • FAQ
        • Find a Partner
        • Resource Library
        • Security Information

        Company

        • About Us
        • Careers
        • Partners
        • Contact Us
        • Legal
        Our Mission

        We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

        Subscribe to our Newsletter

        Product information, software announcements, and special offers. See our newsletter archive to sign up for future newsletters and to read past announcements.

        © 2021 Rubicon Communications, LLC | Privacy Policy