[c-nsp] Tracking down rogue DHCP server
Saku Ytti
saku+cisco-nsp at ytti.fi
Mon Aug 15 10:51:17 EDT 2005
On (2005-08-15 10:23 -0400), Justin M. Streiner wrote:
> > if you have the mac address, you can start with one switch and do a
> > "show mac <mac addr>" to find the port the next switch is on. Repeat
> > until you get to the switch that actually has the device connected to
> > it. Maybe there's an easier way but that's how I've done it in the
> > past.
>
> If the infrastructure is new enough to support it, DHCP snooping may help
> track and shut down the offending server.
If I understand DHCP snooping correctly, deploying it properly would
have prevented this attack in the first place.
Now when do we get rid of switches altogether in favor of rbridges :)
L2 seems to be very dangerous, as all too often it's trivialized, which
has probably bitten most of us; I know it's bitten me.
--
++ytti
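To make "deploying it properly" concrete, here is an added Cisco IOS DHCP snooping configuration (not from the original thread or its authors); the VLAN number, interface names and rate limit are assumed values for illustration.

```text
! Added example, not from the thread. VLAN 10, Gi1/0/1 (uplink) and
! Gi1/0/2 (access port) are assumed for illustration.
ip dhcp snooping
ip dhcp snooping vlan 10
! Option 82 insertion is on by default; turn it off unless the real DHCP
! server is known to accept relay-agent information from a non-relay.
no ip dhcp snooping information option
!
! Only the port facing the legitimate DHCP server (or the uplink toward
! it) is trusted. DHCP OFFER/ACK arriving on any untrusted port is dropped,
! so a rogue server on an access port never reaches clients.
interface GigabitEthernet1/0/1
 description uplink toward DHCP server
 ip dhcp snooping trust
!
! Access ports stay untrusted (the default); rate-limit client DHCP
! traffic so a misbehaving host cannot flood the snooping process.
interface GigabitEthernet1/0/2
 description user access port
 ip dhcp snooping limit rate 15
!
! A port that exceeds the limit is err-disabled; recover it automatically.
errdisable recovery cause dhcp-rate-limit
!
! Verification: which ports are trusted, and the client/MAC/IP/port
! bindings learned from legitimate leases (useful when tracing a host).
! show ip dhcp snooping
! show ip dhcp snooping binding
```

With this in place, a rogue server's offers are dropped at the untrusted port rather than reaching clients, and the binding table gives the switch port for any leased MAC address without walking the MAC table switch by switch.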