[TCLUG] rogue DHCP server

Wed Sep 12 14:37:56 CDT 2001

What I've done is start tcpdump and initiate a dhcp request.  Hopefully the
rogue one responds first, if so, you take it's MAC address, and log into
your switch (if it's managed), and view the arp table to see which port it's
plugged into.

> -----Original Message-----
> From: Joshua b. Jore [mailto:josh at greentechnologist.org] 
> Sent: Wednesday, September 12, 2001 2:01 PM
> To: tclug-list at mn-linux.org
> Cc: amy at real-time.com
> Subject: Re: [TCLUG] rogue DHCP server
> 
> 
> Perhaps I'm being naive here but couldn't you run tcpdump, 
> make dhcp requests and watch for replies? That seems like a 
> much more straight forward proposition than hunting around by 
> unplugging cables.
> 
> Joshua Jore
> Minneapolis Ward 3, precinct 10
>   "The irony of this man being imprisoned in the United 
> States and longing to return to once-Communist Russia so he 
> can regain his right to free speech is simply staggering." - 
> someone else
> 
> On Wed, 12 Sep 2001, Munir Nassar wrote:
> 
> > I had this problem once, here is how we resolved the problem
> >
> > run Winipcfg and find the Servers IP address
> > Ping the address from a machine plugged into your backbone start 
> > unplugging segments from your network, when ping fails the you have 
> > narrowed it down to a segment...
> >
> > now if you cannot ping (if it is an invalid IP for example) keep 
> > requesting IPaddresses while you unplug segments...
> >
> > I think this may be the brute force way of doing things, but it 
> > works...
> >
> >  -munir
> >
> > >>> Amy Tanner <amy at real-time.com> 09/12/01 10:21 AM >>>
> > Any tips for finding a rogue DHCP server, that is a device 
> answering 
> > DCHP requests?  I'm having a problem where some device must be 
> > answering DHCP requests and offering 192.168.1.X addresses, that 
> > shouldn't be.
> >
> > Thanks.
> > --
> > Amy Tanner
> > amy at real-time.com _______________________________________________
> > tclug-list mailing list
> > tclug-list at mn-linux.org
> > https://mailman.mn-linux.org/mailman/listinfo/tclug-list
> >
> > _______________________________________________
> > tclug-list mailing list
> > tclug-list at mn-linux.org 
> > https://mailman.mn-linux.org/mailman/listinfo/tclug-list
> >
> 
> _______________________________________________
> tclug-list mailing list
> tclug-list at mn-linux.org 
> https://mailman.mn-> linux.org/mailman/listinfo/tclug-list
> 