[clug] detecting rogue dhcp servers

Kim Holburn kim.holburn at anu.edu.au
Tue Jan 18 05:58:19 GMT 2005


The problem with nmap is that rogue DHCP servers can use a completely  
different IP range than your network so any IP thing may never see  
them.

On 2005 Jan 18, at 4:24 PM, Tomasz Ciolek wrote:

> Also could run nmap and look for port 67/tcp and 67/udp
>
> Tomasz
>
>
> On Tue, Jan 18, 2005 at 04:09:02PM +1100, Alex Satrapa wrote:
>> On 18 Jan 2005, at 16:02, Kim Holburn wrote:
>>
>>> Does anyone know of software that detects "rogue" dhcp servers?
>>
>> Snort does[1]. Trust the pig.
>>
>> Alex
>>
>> 1. http://www.mcabee.org/lists/snort-users/Oct-03/msg00830.html

Nice, but the DHCP server normally does not answer a broadcast DHCP
request with a broadcast; it answers a request with an Ethernet packet
to the MAC address of the client, so I'll never see it on a switched
network.  I think the simplest way would be a program that pretends to
be a machine in need of an IP number.

-- 
Kim Holburn
Network Manager
National Information and Communication Technology Australia
Ph: +61 2 61258620 M: +61 417820641
Email: kim.holburn at anu.edu.au  - PGP Public Key on request
Cacert Root Cert: http://www.cacert.org/index.php?id=16 ->  
http://www.cacert.org/cacert.crt
Aust. Spam Act: To stop receiving mail from me: reply and let me know.

Use ISO 8601 dates [YYYY-MM-DD]  
http://www.saqqara.demon.co.uk/datefmt.htm
Democracy imposed from without is the severest form of tyranny.
                           -- Lloyd Biggle, Jr. Analog, Apr 1961
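
The approach suggested in the message above, a program that poses as a machine needing an address, as an added example (not part of the original post): it broadcasts one DHCPDISCOVER with the broadcast flag set, which asks servers to broadcast their offers, and lists every responder whose server identifier (option 54) is not on an allowlist. Function names and the allowlist are hypothetical.

```python
import os, socket, struct

MAGIC = b"\x63\x82\x53\x63"  # DHCP magic cookie (RFC 2131)

def build_discover(mac: bytes, xid: int) -> bytes:
    """DHCPDISCOVER with the broadcast flag set, so offers come back as broadcasts."""
    pkt = struct.pack("!BBBBIHH", 1, 1, 6, 0, xid, 0, 0x8000)  # op, htype, hlen, hops, xid, secs, flags
    pkt += b"\x00" * 16 + mac.ljust(16, b"\x00") + b"\x00" * 192  # addrs, chaddr, sname+file
    return pkt + MAGIC + b"\x35\x01\x01\xff"  # option 53 = DISCOVER, then end

def parse_offer(pkt: bytes, xid: int):
    """Return (server_id, offered_ip) if pkt is a DHCPOFFER for our xid, else None."""
    if len(pkt) < 240 or pkt[0] != 2 or pkt[236:240] != MAGIC:
        return None
    if struct.unpack("!I", pkt[4:8])[0] != xid:
        return None
    opts, i = {}, 240
    while i + 1 < len(pkt) and pkt[i] != 255:
        if pkt[i] == 0:  # pad option has no length byte
            i += 1
            continue
        opts[pkt[i]] = pkt[i + 2:i + 2 + pkt[i + 1]]
        i += 2 + pkt[i + 1]
    if opts.get(53) != b"\x02" or len(opts.get(54, b"")) != 4:
        return None
    return socket.inet_ntoa(opts[54]), socket.inet_ntoa(pkt[16:20])

def unexpected_servers(packets, xid, allowed):
    """Map server identifier -> offered address for every offer not from `allowed`."""
    offers = filter(None, (parse_offer(p, xid) for p in packets))
    return {sid: ip for sid, ip in offers if sid not in allowed}

def probe(allowed, timeout=5.0):
    """Send one DISCOVER and report unexpected responders. Needs root to bind UDP 68."""
    xid = int.from_bytes(os.urandom(4), "big")
    packets = []
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
        sock.setsockopt(socket.SOL_SOCKET, socket.SO_BROADCAST, 1)
        sock.bind(("", 68))
        sock.settimeout(timeout)
        # Random locally administered MAC in chaddr; replies are matched by xid.
        sock.sendto(build_discover(b"\x02" + os.urandom(5), xid), ("255.255.255.255", 67))
        try:
            while True:  # collect until the timeout; several servers may answer
                packets.append(sock.recv(1500))
        except socket.timeout:
            pass
    return unexpected_servers(packets, xid, allowed)
```

Call `probe({"192.0.2.1"})` (a placeholder for the legitimate server's address) as root from a host on the segment being checked. No DHCPREQUEST follows the DISCOVER, so no lease is taken.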


