1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Rogue DHCP server...

Discussion in 'Network+' started by GiddyG, Jan 14, 2008.

  1. GiddyG

    GiddyG Terabyte Poster Gold Member

    2,471
    42
    140
    As you will notice from my WIP, I am currently studying for the N+.

    One of the questions I have seen in a couple of the books I am reading is about someone having problems accessing a server on the LAN. When that person pings both the hostname and IP address of the server, the ping fails. It transpires that, when I run ipconfig, I see that the client machine has an IP address that isn't in the correct subnet.

    The reason for this is that someone has put a rogue DHCP server on the LAN... :blink

    Can I please ask you uber techies out there: how often would something like that happen?

    Ta.

    John
     
  2. hbroomhall

    hbroomhall Petabyte Poster Gold Member

    6,623
    115
    224
    More often than it should! :biggrin

    A typical senario we get here is someone adds a WiFi router to a company network without first clearing it with the admins!

    Harry.
     
    Certifications: ECDL A+ Network+ i-Net+
    WIP: Server+
  3. Stoney

    Stoney Megabyte Poster

    731
    23
    69
    Yeah most routers now a days have their own built in dhcp server which is usually switched on by default, so it doesn't take much for someone to plonk a dhcp server on the network and cause problems! :dry
     
    Certifications: 25 + 50 metre front crawl
    WIP: MCSA - Exam 70-270
  4. GiddyG

    GiddyG Terabyte Poster Gold Member

    2,471
    42
    140
    Thanks for the replies guys... now I realise how it could happen... thanks again... :biggrin
     
  5. zebulebu

    zebulebu Terabyte Poster

    3,748
    330
    187
    Yeps - as well as the earlier replies (both Harry and Stoney are correct, especially in smaller office environments this type of thing happens regularly), there are also plenty of scenarios where someone nefarious would do this deliberately. An unauthorised DHCP server can be an absolute bloody nightmare security-wise - just imagine someone deliberately installing a DHCP server that had the default gateway set to an IP of their choosing... it doesn't bear thinking about!
     
    Certifications: A few
    WIP: None - f*** 'em
  6. supag33k

    supag33k Kilobyte Poster

    461
    19
    49
     
    Certifications: MCSE (NT4/2000/2003/Messaging), MCDBA
    WIP: CCNA, MCTS SQL, Exchange & Security stuff
  7. morph

    morph Byte Poster

    204
    3
    22
    thats a good un that one - nice to pick up a few little top-tips like this!
     
    Certifications: Network +, ITIL Foundation, CCENT, CCNA
    WIP: server/ccna security
  8. Kitwe

    Kitwe New Member

    1
    0
    1
    Hi,

    Just to add to the above experiences - I work on an oil platform where we have many 3rd parties come and go requiring various network connectivity, we had one 3rd party connect in their router to the network to try and get Internet access. Took the IT bods a couple of days to try and track down where the rogue DHCP server was!
     
  9. JohnBradbury

    JohnBradbury Kilobyte Poster

    372
    39
    52
    Keep in mind that under a Windows 2003 domain DHCP Servers need to be authorized in AD before they can service clients....
     
  10. BosonMichael
    Highly Decorated Member Award

    BosonMichael Yottabyte Poster

    19,136
    462
    374
    ...in the domain. But I can attach a rogue DHCP server and service as many non-domain clients as I want.
     
    Certifications: CISSP, MCSE+I, MCSE: Security, MCSE: Messaging, MCDST, MCDBA, MCTS, OCP, CCNP, CCDP, CCNA Security, CCNA Voice, CNE, SCSA, Security+, Linux+, Server+, Network+, A+
    WIP: Just about everything!
  11. Bluerinse
    Honorary Member

    Bluerinse Exabyte Poster

    8,871
    167
    256
    This has been the case since Windows 2000 Server.

    However, it only works with *Microsoft* DHCP servers, that by design ask for permission, if you will, before they start handing out leases.

    The small plastic boxes you can buy in PC world etc, are not programmed to ask permission before they start handing out leases.. plug them in on a Windows server AD based DHCP network and they will be a rouge.
     
    Certifications: C&G Electronics - MCSA (W2K) MCSE (W2K)
  12. zebulebu

    zebulebu Terabyte Poster

    3,748
    330
    187
    All of which proves the need for a NAC solution in anything approaching an enterprise. Don't mean shite if you've got a rogue DHCP server on your LAN if it gets tarpitted the instant your NAC box sees it :)
     
    Certifications: A few
    WIP: None - f*** 'em
  13. GiddyG

    GiddyG Terabyte Poster Gold Member

    2,471
    42
    140
    NAC Box? Just 'googling' ... 8) I'll be back...

    Back.... Network Access Control... riiight... pre-admission checks. And that would stop a rogue DHCP 'server'?
     
  14. Bluerinse
    Honorary Member

    Bluerinse Exabyte Poster

    8,871
    167
    256
    Source

    I note the article is not new, maybe things have improved?
     
    Certifications: C&G Electronics - MCSA (W2K) MCSE (W2K)
  15. GiddyG

    GiddyG Terabyte Poster Gold Member

    2,471
    42
    140
    This the info I found...
     

Share This Page

Loading...