How to detect rogue DHCP servers on the internal network?
- 
 Hi, I run the network at a dormitory where we from time to time see people install their wifi routers incorrectly, causing a rogue DHCP server to show up on the network, causing mischief for us. Is it possible to set up a service on pfSense that automatically detects if rogue DHCP servers are present on the network? Regards, Egil. 
- 
 If you have Windows, here is an older tool that still works: http://blogs.technet.com/b/teamdhcp/archive/2009/07/03/rogue-dhcp-server-detection.aspx But it would be better to prevent than detect, wouldn't it - what switches are you using? 
 http://en.wikipedia.org/wiki/DHCP_snooping
 http://www.cisco.com/en/US/docs/switches/lan/catalyst6500/ios/12.2SX/configuration/guide/snoodhcp.html
 In Linux use dhcp probe 
- 
 Hi John, Unfortunately, the network topology is the worst kind of homemade, with only a few managed switches here and there, and bad cabling to top it off. 
 The switches that can best be described as being the backbone are two ZyXEL GS2200-24P and a Dell PowerConnect 2724. I don't know much about DHCP snooping, how to set it up etc., so any advice is welcome indeed. Is it possible on a switch level to block DHCP ACKs that are not coming from a specific MAC address? 
- 
 Well, you're not going to be able to run DHCP snooping unless your switches support it. And all the switches would need to be able to do it, not just a couple of them. Or you would still have problems with people connected to the same switch that is downstream from your managed switch. I cannot believe a school network would run on such crap? I would think a school would run decent hardware? How does tuition not cover a decent network - shit, doesn't the school have a computer science program? This would all be hands-on stuff that should be taught in the classes. 
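
Added example, not part of any post in this thread: the check a detection service for the question above would run on each DHCP server reply it sees, comparing the packet source and the server identifier (option 54) against an allowlist. The allowlist address, the function names and the sample payloads are assumptions made for illustration; capturing the replies off the wire is not shown.

```python
import socket

MAGIC_COOKIE = b"\x63\x82\x53\x63"
REPLY_TYPES = {2: "OFFER", 5: "ACK", 6: "NAK"}
ALLOWED_SERVERS = {"192.168.1.1"}  # assumed: the only legitimate DHCP server


def parse_dhcp_reply(payload):
    """Return (message type, server identifier) for a DHCP server reply, else None."""
    if len(payload) < 240 or payload[0] != 2 or payload[236:240] != MAGIC_COOKIE:
        return None  # too short, not a BOOTREPLY, or no DHCP options
    msg_type = server_id = None
    i = 240
    while i < len(payload) and payload[i] != 255:  # 255 = End option
        if payload[i] == 0:  # Pad option has no length byte
            i += 1
            continue
        if i + 1 >= len(payload):
            return None  # truncated option header
        code, length = payload[i], payload[i + 1]
        value = payload[i + 2:i + 2 + length]
        if len(value) != length:
            return None  # truncated option value
        if code == 53 and length == 1:
            msg_type = value[0]
        elif code == 54 and length == 4:
            server_id = socket.inet_ntoa(value)
        i += 2 + length
    if msg_type not in REPLY_TYPES:
        return None
    return REPLY_TYPES[msg_type], server_id


def check_reply(payload, src_ip, allowed=ALLOWED_SERVERS):
    """Return an alert string when a server reply is not from an allowlisted server."""
    parsed = parse_dhcp_reply(payload)
    if parsed is None:
        return None
    kind, server_id = parsed
    if src_ip in allowed and server_id in allowed:
        return None
    return f"unexpected DHCP {kind} from {src_ip} (server-id {server_id})"


def build_reply(msg_type, server_ip):
    """Constructed sample payload: minimal BOOTREPLY carrying options 53 and 54."""
    header = bytes([2, 1, 6, 0]) + bytes(232)
    options = bytes([53, 1, msg_type, 54, 4]) + socket.inet_aton(server_ip) + b"\xff"
    return header + MAGIC_COOKIE + options
```

A reply with no server identifier is also reported, since OFFER, ACK and NAK messages are required to carry option 54.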
