[clug] detecting rogue dhcp servers
Kim Holburn
kim.holburn at anu.edu.au
Tue Jan 18 05:58:19 GMT 2005
The problem with nmap is that rogue DHCP servers can use a completely
different IP range than your network so any IP thing may never see
them.
On 2005 Jan 18, at 4:24 PM, Tomasz Ciolek wrote:
> Also could run nmap and look for port 67/tcp and 67/udp
>
> Tomasz
>
>
> On Tue, Jan 18, 2005 at 04:09:02PM +1100, Alex Satrapa wrote:
>> On 18 Jan 2005, at 16:02, Kim Holburn wrote:
>>
>>> Does anyone know of software that detects "rogue" dhcp servers?
>>
>> Snort does[1]. Trust the pig.
>>
>> Alex
>>
>> 1. http://www.mcabee.org/lists/snort-users/Oct-03/msg00830.html
Nice but the DHCP server normally does not answer a broadcast DHCP
request with a broadcast, it answers a request with an ethernet packet
to the MAC address of the client, so I'll never see it on a switched
network. I think the simplest way would be a program that pretends to
be a machine in need of an IP number.
>>
>> --
>> linux mailing list
>> linux at lists.samba.org
>> https://lists.samba.org/mailman/listinfo/linux
>
> --
> Tomasz M. Ciolek
> ***********************************************************************
> ********
> tmc at dreamcraft dot com dot au
> ***********************************************************************
> ********
> GPG Key ID: 0x41C4C2F0
> GPG Key Fingerprint: 3883 B308 8256 2246 D3ED A1FF 3A1D 0EAD 41C4
> C2F0
> Key available on www.pgp.net
> ***********************************************************************
> ********
--
Kim Holburn
Network Manager
National Information and Communication Technology Australia
Ph: +61 2 61258620 M: +61 417820641
Email: kim.holburn at anu.edu.au - PGP Public Key on request
Cacert Root Cert: http://www.cacert.org/index.php?id=16 ->
http://www.cacert.org/cacert.crt
Aust. Spam Act: To stop receiving mail from me: reply and let me know.
Use ISO 8601 dates [YYYY-MM-DD]
http://www.saqqara.demon.co.uk/datefmt.htm
Democracy imposed from without is the severest form of tyranny.
-- Lloyd Biggle, Jr. Analog, Apr 1961
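
The approach suggested at the end of the message above (a program that pretends to be a machine in need of an IP number), as an added example that is not code from this thread. It sets the DHCP broadcast flag so that OFFERs come back as broadcasts a probe on a switched port can receive, and reports every offering server identifier (option 54) that is not on an allowlist; the function names and the allowlist address are assumptions.

```python
import ipaddress, os, socket, struct, time

MAGIC = b"\x63\x82\x53\x63"            # DHCP magic cookie (RFC 2131)
BOOTP = "!BBBBIHH4s4s4s4s16s64s128s"   # fixed 236-byte BOOTP header

def build_discover(mac, xid):
    """DHCPDISCOVER with the broadcast flag (0x8000) so servers reply by broadcast."""
    hdr = struct.pack(BOOTP, 1, 1, 6, 0, xid, 0, 0x8000, b"", b"", b"", b"", mac, b"", b"")
    return (hdr + MAGIC + b"\x35\x01\x01\xff").ljust(300, b"\0")  # opt 53=DISCOVER, end, pad

def parse_offer(pkt, xid):
    """Return (server_id, offered_ip) for a DHCPOFFER answering xid, else None."""
    n = struct.calcsize(BOOTP)
    if len(pkt) < n + 4 or pkt[n:n + 4] != MAGIC:
        return None
    f = struct.unpack(BOOTP, pkt[:n])
    if f[0] != 2 or f[4] != xid:        # must be a BOOTREPLY for our transaction
        return None
    opts, body, i = {}, pkt[n + 4:], 0
    while i + 1 < len(body) and body[i] != 255:   # walk TLV options until END
        if body[i] == 0:                # pad byte has no length field
            i += 1
            continue
        opts[body[i]] = body[i + 2:i + 2 + body[i + 1]]
        i += 2 + body[i + 1]
    if opts.get(53) != b"\x02" or len(opts.get(54, b"")) != 4:
        return None                     # not an OFFER, or no server identifier
    return str(ipaddress.ip_address(opts[54])), str(ipaddress.ip_address(f[8]))

def rogue_servers(packets, xid, allowed):
    """Server identifiers that made an OFFER but are not on the approved list."""
    offers = filter(None, (parse_offer(p, xid) for p in packets))
    return sorted({sid for sid, _ in offers} - set(allowed))

def probe(allowed, wait=5.0):
    """Broadcast one DISCOVER (binding UDP 68 needs root) and collect replies."""
    mac, xid = b"\x02" + os.urandom(5), int.from_bytes(os.urandom(4), "big")
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.setsockopt(socket.SOL_SOCKET, socket.SO_BROADCAST, 1)
        s.bind(("", 68))
        s.sendto(build_discover(mac, xid), ("255.255.255.255", 67))
        packets, end = [], time.monotonic() + wait
        while (left := end - time.monotonic()) > 0:
            s.settimeout(left)
            try: packets.append(s.recv(2048))
            except socket.timeout: break
    return rogue_servers(packets, xid, allowed)

if __name__ == "__main__":
    print(probe({"192.0.2.1"}))         # constructed allowlist: your real DHCP server(s)
```

Because the check keys on the server identifier inside the OFFER rather than on a scan of the local address range, a server handing out a completely different IP range is still reported.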