[c-nsp] Tracking down rogue DHCP server
Eric Whitehill
ewhitehill at 702com.net
Mon Aug 15 09:56:24 EDT 2005
Hello:
Over the last couple of days, someone on one of our customer's sites has
been putting up a rogue DHCP server and bringing down the customer's
network.
We currently have all cisco switches within the network, and we are using a
Cisco 2600 to hand out DHCP addresses to the customers.
While the customer's DHCP server is trying to hand out addresses from our
assigned DHCP pool, the customer's rogue DHCP server is trying to hand out
private addresses. Thus, the problem.
I've thought about doing a check on the mac-address-table on the cisco, but
there has to be an easier way (over 50 switches, which makes it prohibitive
to do this)
I am trying to find an easy way to track down this rogue DHCP server and
smack the user really really really hard.
Thanks, with LART in hand,
-Eric
--
Eric Whitehill - 44.58.39N, 93.15.56W
Data Network Engineer - 702 Communications - ewhitehill at 702com.net -
ASN15267
"Out the Gig-E, through the router, down the OC-12's, over the leased
line, off the bridge, past the firewall...nothing but Net."
More information about the cisco-nsp
mailing list