Rogue DHCP server


It is annoying and disrupting to see duplicate IP in the LAN. We can use Microsoft RogueChecker.exe to check for any un-authorize DHCP server on the network. RogueChecker.exe has last updated on 2009 but it can run from Win 8 as well.

This application can also be configured for schedule checks.

Rogue detection tool is a GUI tool that checks if there are any rogue DHCP servers in the local subnet.

Following are the features with this application:

1.     It run one time or can be scheduled to run at specified interval.

2.     Can be run on a specified interface by selecting one of the discovered interfaces.

3.     Retrieves all the authorized DHCP servers in the forest and displays them.

4.     Ability to validate (not Authorize in AD) a DHCP server which is not rogue and persist this information

5.     Minimize the application, which makes it invisible. A tray icon will be present that would display the status.

Download RogueChecker.exe from http://blogs.technet.com/cfs-file.ashx/__key/communityserver-components-postattachments/00-03-26-09-62/RogueChecker.zip

Prevention:

Configure your switch for DHCP snooping feature.

DHCP snooping can prevent DHCP spoofing attacks. DHCP snooping is a Cisco Catalyst feature that determines which switch ports can respond to DHCP requests. Ports are identified as trusted and untrusted.

Note: I believe other branded switches should have similar feature as Cisco

About these ads

About Robiul

Robiul has 12 years of continuous successful career experience in ICT with extensive background in System Engineering, IT infrastructure design, operations and service delivery, managing IT projects / MIS functions for local and multi-national companies with in-depth knowledge of multiple operating systems as well as construct / manage small to medium size Data Center. Proven ability to design and implement medium to semi-large scale LAN/WAN/WLAN and system infrastructures. Academic qualification: Master of Science in Information Systems. Professional certifications are: MCSE, CCNA, ITIL and FoundStone Security Professional
This entry was posted in Windows and tagged . Bookmark the permalink.