Rogue DHCP server...

Discussion in 'Network+' started by GiddyG, Jan 14, 2008.

  1. GiddyG

    GiddyG Terabyte Poster Gold Member

    As you will notice from my WIP, I am currently studying for the N+.

    One of the questions I have seen in a couple of the books I am reading is about someone having problems accessing a server on the LAN. When that person pings both the hostname and IP address of the server, the ping fails. It transpires that, when I run ipconfig, I see that the client machine has an IP address that isn't in the correct subnet.

    The reason for this is that someone has put a rogue DHCP server on the LAN... :blink

    Can I please ask you uber techies out there: how often would something like that happen?

    Ta.

    John
     
  2. hbroomhall

    hbroomhall Petabyte Poster Gold Member

    More often than it should! :biggrin

    A typical scenario we get here is someone adds a WiFi router to a company network without first clearing it with the admins!

    Harry.
     
    Certifications: ECDL A+ Network+ i-Net+
    WIP: Server+
  3. Stoney

    Stoney Megabyte Poster

    Yeah, most routers nowadays have their own built-in DHCP server, which is usually switched on by default, so it doesn't take much for someone to plonk a DHCP server on the network and cause problems! :dry
     
    Certifications: 25 + 50 metre front crawl
    WIP: MCSA - Exam 70-270
  4. GiddyG

    GiddyG Terabyte Poster Gold Member

    Thanks for the replies guys... now I realise how it could happen... thanks again... :biggrin
     
  5. zebulebu

    zebulebu Terabyte Poster

    Yeps - as well as the earlier replies (both Harry and Stoney are correct, especially in smaller office environments this type of thing happens regularly), there are also plenty of scenarios where someone nefarious would do this deliberately. An unauthorised DHCP server can be an absolute bloody nightmare security-wise - just imagine someone deliberately installing a DHCP server that had the default gateway set to an IP of their choosing... it doesn't bear thinking about!
     
    Certifications: A few
    WIP: None - f*** 'em
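
A detection check for the symptoms described in the thread so far (a lease outside the correct subnet, an unapproved server, a default gateway of someone else's choosing), as an added example that is not part of any post. It parses raw DHCP replies and compares option 54 (server identifier), `yiaddr` and option 3 (router) against a site policy; the addresses, policy constants and function names are assumptions made up for the illustration.

```python
from ipaddress import IPv4Address as IP, ip_network

MAGIC = b"\x63\x82\x53\x63"                 # DHCP magic cookie, offset 236
AUTHORISED_SERVERS = {"10.0.0.2"}           # assumed site policy; all addresses constructed
EXPECTED_SUBNET = ip_network("10.0.0.0/24")
EXPECTED_GATEWAY = "10.0.0.1"

def parse_reply(payload: bytes) -> dict:
    """Pull yiaddr and options 53/54/3 out of a raw DHCP message (UDP payload)."""
    if len(payload) < 240 or payload[236:240] != MAGIC:
        raise ValueError("not a DHCP message")
    info = {"op": payload[0], "yiaddr": IP(payload[16:20]),
            "msg_type": None, "server_id": None, "routers": []}
    i = 240
    while i < len(payload) and payload[i] != 255:   # 255 = end option
        if payload[i] == 0:                         # 0 = pad, has no length byte
            i += 1
            continue
        if i + 1 >= len(payload) or i + 2 + payload[i + 1] > len(payload):
            raise ValueError("truncated option")
        code, length = payload[i], payload[i + 1]
        data = payload[i + 2:i + 2 + length]
        if code == 53 and length == 1:              # DHCP message type
            info["msg_type"] = data[0]
        elif code == 54 and length == 4:            # server identifier
            info["server_id"] = str(IP(data))
        elif code == 3 and length % 4 == 0:         # router(s) = default gateway
            info["routers"] = [str(IP(data[j:j + 4])) for j in range(0, length, 4)]
        i += 2 + length
    return info

def rogue_findings(payload: bytes) -> list:
    """Return policy violations for a DHCPOFFER (2) or DHCPACK (5), else []."""
    r = parse_reply(payload)
    if r["op"] != 2 or r["msg_type"] not in (2, 5):
        return []
    out = []
    if r["server_id"] not in AUTHORISED_SERVERS:
        out.append(f"unauthorised server {r['server_id']}")
    if r["yiaddr"] not in EXPECTED_SUBNET:
        out.append(f"lease {r['yiaddr']} outside {EXPECTED_SUBNET}")
    if any(gw != EXPECTED_GATEWAY for gw in r["routers"]):
        out.append(f"unexpected gateway {', '.join(r['routers'])}")
    return out

def build_reply(server, yiaddr, router, msg_type=2):   # constructed sample, not a capture
    hdr = bytes([2, 1, 6, 0]) + bytes(12) + IP(yiaddr).packed + bytes(216)
    opts = bytes([53, 1, msg_type, 54, 4]) + IP(server).packed + bytes([3, 4]) + IP(router).packed
    return hdr + MAGIC + opts + b"\xff"
```

The gateway check fires even when the server identifier looks legitimate, since option 54 is only a field in the reply and can carry any value.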
  6. supag33k

    supag33k Kilobyte Poster

     
    Certifications: MCSE (NT4/2000/2003/Messaging), MCDBA
    WIP: CCNA, MCTS SQL, Exchange & Security stuff
  7. morph

    morph Byte Poster

    That's a good un that one - nice to pick up a few little top-tips like this!
     
    Certifications: Network +, ITIL Foundation, CCENT, CCNA
    WIP: server/ccna security
  8. Kitwe

    Kitwe New Member

    Hi,

    Just to add to the above experiences - I work on an oil platform where we have many 3rd parties come and go requiring various network connectivity. We had one 3rd party connect in their router to the network to try and get Internet access. Took the IT bods a couple of days to try and track down where the rogue DHCP server was!
     
  9. JohnBradbury

    JohnBradbury Kilobyte Poster

    Keep in mind that under a Windows 2003 domain DHCP Servers need to be authorized in AD before they can service clients....
     
  10. BosonMichael
    Honorary Member Highly Decorated Member Award 500 Likes Award

    BosonMichael Yottabyte Poster

    ...in the domain. But I can attach a rogue DHCP server and service as many non-domain clients as I want.
     
    Certifications: CISSP, MCSE+I, MCSE: Security, MCSE: Messaging, MCDST, MCDBA, MCTS, OCP, CCNP, CCDP, CCNA Security, CCNA Voice, CNE, SCSA, Security+, Linux+, Server+, Network+, A+
    WIP: Just about everything!
  11. Bluerinse
    Honorary Member

    Bluerinse Exabyte Poster

    This has been the case since Windows 2000 Server.

    However, it only works with *Microsoft* DHCP servers, that by design ask for permission, if you will, before they start handing out leases.

    The small plastic boxes you can buy in PC World etc. are not programmed to ask permission before they start handing out leases. Plug them in on a Windows server AD based DHCP network and they will be a rogue.
     
    Certifications: C&G Electronics - MCSA (W2K) MCSE (W2K)
  12. zebulebu

    zebulebu Terabyte Poster

    All of which proves the need for a NAC solution in anything approaching an enterprise. Don't mean shite if you've got a rogue DHCP server on your LAN if it gets tarpitted the instant your NAC box sees it :)
     
    Certifications: A few
    WIP: None - f*** 'em
  13. GiddyG

    GiddyG Terabyte Poster Gold Member

    NAC Box? Just 'googling' ... 8) I'll be back...

    Back.... Network Access Control... riiight... pre-admission checks. And that would stop a rogue DHCP 'server'?
     
  14. Bluerinse
    Honorary Member

    Bluerinse Exabyte Poster

    Source

    I note the article is not new, maybe things have improved?
     
    Certifications: C&G Electronics - MCSA (W2K) MCSE (W2K)
  15. GiddyG

    GiddyG Terabyte Poster Gold Member

    This is the info I found...
     
