[c-nsp] Tracking down rogue DHCP server
A.L.M.Buxey at lboro.ac.uk
A.L.M.Buxey at lboro.ac.uk
Mon Aug 15 11:34:45 EDT 2005
Hi,
> Over the last couple of days, someone on one of our customer's sites has
> been putting up a rogue DHCP server and bringing down the customer's
> network.
using DHCP snooping would prevent end ports being able
to send out lovely DHCP services. it can also help
to report - but another way of nailing this user
is to use the 'roguedetect' program coutesy of Oregon State
University (if you are able to listen to traffic via
a monitoring box)...
http://osuosl.org/projects/roguedetect/download
both methods have been of enormous use to us in the past!
alan
More information about the cisco-nsp
mailing list