[c-nsp] Tracking down rogue DHCP server

Arie Vayner arievayner at gmail.com
Mon Aug 15 11:29:05 EDT 2005


What kind of switches are these?
Some of the newer types (like 3750, 3560 etc) support this feature:
http://www.cisco.com/univercd/cc/td/doc/product/lan/cat3750/12225sec/3750scg/swdhcp82.htm#wp1078853

Arie

On 8/15/05, Eric Whitehill <ewhitehill at 702com.net> wrote:
> Hello:
> 
> Over the last couple of days, someone on one of our customer's sites has
> been putting up a rogue DHCP server and bringing down the customer's
> network.
> 
> We currently have all cisco switches within the network, and we are using a
> Cisco 2600 to hand out DHCP addresses to the customers.
> 
> While the customer's DHCP server is trying to hand out addresses from our
> assigned DHCP pool, the customer's rogue DHCP server is trying to hand out
> private addresses.  Thus, the problem.
> 
> I've thought about doing a check on the mac-address-table on the cisco, but
> there has to be an easier way (over 50 switches, which makes it prohibitive
> to do this)
> 
> I am trying to find an easy way to track down this rogue DHCP server and
> smack the user really really really hard.
> 
> Thanks, with LART in hand,
> 
> -Eric
> 
> --
> Eric Whitehill - 44.58.39N, 93.15.56W
> Data Network Engineer - 702 Communications - ewhitehill at 702com.net -
> ASN15267
> "Out the Gig-E, through the router, down the OC-12's, over the leased
> line, off the bridge, past the firewall...nothing but Net."
> 
> _______________________________________________
> cisco-nsp mailing list  cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
>



More information about the cisco-nsp mailing list