rough dhcp servers

By pcorneillie
We recently had an issue with a user who set up his own DHCP server on a part of our network.
The whole subnet was by consequence disturbed and it took us quite some time to diagnose and fix this.
Is there a standard way to avoid similar problems in the future?
The DHCP server used was a wireless router somebody wanted to set up.

This conversation is currently closed to new comments.

by jmgarvin In reply to rough dhcp servers

VLANs are a way to mitigate the issue... Is that what you are looking for?

by pcorneillie In reply to

Not directly. We are already using VLANs, but the user added a DHCP server on the VLAN and by consequence the subnet/VLAN went down.

by jmgarvin In reply to rough dhcp servers

OK, I think I understand now. I'm guessing all your users have local admin rights? How is it that they were able to set up a DHCP server?

by pcorneillie In reply to

They just have a network outlet in their room (we are a college and this happened in one of the buildings where students and visitors stay). So they connect whatever they want to the network. Problem in this case is that they did not connect a computer but a wireless router. This device was taking the role as DHCP server.

by olyolson In reply to rough dhcp servers

The way to fix this, when using VLANs, is to tie the MAC address of each computer to the port on the switch; that way each computer/server cannot move to anywhere on the network. Then use domain policy to administer permissions on domain computers. This will prevent someone from bringing in a computer or laptop with a DHCP server on it.

by pcorneillie In reply to

This is no good as we encourage our users to go to other locations and use their computer there (library, other rooms, classrooms, etc.). This is only an option if the host is to stay put all the time.

by bryan.adams In reply to rough dhcp servers

This is a common problem and one that can happen for a number of reasons. The SoHo wireless access point has become the most common in my environment. Domain security will not help here as these "routers" do not care what AD says.

One active measure that can be taken is to use filtering on your switches. {This assumes intelligent, manageable switches.} For instance, our Cisco 2950s can filter DHCP server traffic.

Another semi-active measure is to set up a host to search for rogue DHCP servers and, when one is found, disable the port. {This requires a second NIC and the ability to place it into each LAN or VLAN you need to monitor.} In short, you request an address and when a server you don't authorize answers, you have a problem. {There are also products that will do this for you but they can be pricey: www.bradfordsw.com}

Finally, a truly passive measure is to wait until users are misguided by the DHCP server and ask them to report the results of "winpcfg /all" and "arp -a". Note the MAC address of the IP address reported as the DHCP server. This is your "Bad Guy." Find that MAC and shut off its port.
{E.g. Windows XP... There are likely other methods/commands on other OS's.}
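The "request an address and see who answers" check from the post above, as an added Python example that is not part of the original thread. It parses a DHCP server reply and compares its server identifier (option 54) against an allowlist; the allowlist address, the function names and the sample packet are assumptions constructed for illustration, and capturing replies from the monitoring NIC is left out.

```python
import socket
import struct

MAGIC_COOKIE = b"\x63\x82\x53\x63"   # RFC 2131 marker before the options field
AUTHORIZED_SERVERS = {"10.0.0.2"}     # assumption: the site's real DHCP server(s)

def parse_dhcp_reply(payload):
    """Return (message_type, server_id, offered_ip) from a BOOTP/DHCP UDP payload."""
    if len(payload) < 240 or payload[236:240] != MAGIC_COOKIE:
        raise ValueError("not a DHCP message")
    if payload[0] != 2:               # op field: 2 = BOOTREPLY (sent by servers)
        raise ValueError("not a server reply")
    offered_ip = socket.inet_ntoa(payload[16:20])   # yiaddr field
    msg_type, server_id = None, None
    i = 240
    while i < len(payload):
        code = payload[i]
        if code == 255:               # End option
            break
        if code == 0:                 # Pad option has no length byte
            i += 1
            continue
        if i + 1 >= len(payload):
            raise ValueError("truncated option")
        length = payload[i + 1]
        value = payload[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError("truncated option")
        if code == 53 and length == 1:    # DHCP message type
            msg_type = value[0]
        elif code == 54 and length == 4:  # server identifier
            server_id = socket.inet_ntoa(value)
        i += 2 + length
    return msg_type, server_id, offered_ip

def is_rogue_offer(payload, authorized=AUTHORIZED_SERVERS):
    """True for a DHCPOFFER/DHCPACK whose server id is missing or not allowlisted."""
    msg_type, server_id, _ = parse_dhcp_reply(payload)
    return msg_type in (2, 5) and server_id not in authorized

def build_sample_offer(server_ip, offered_ip):
    """Constructed test input: a minimal DHCPOFFER payload."""
    header = struct.pack("!BBBBIHH", 2, 1, 6, 0, 0x1234, 0, 0)
    header += socket.inet_aton("0.0.0.0") + socket.inet_aton(offered_ip)
    header += socket.inet_aton(server_ip) + socket.inet_aton("0.0.0.0")
    header += bytes(16 + 64 + 128)    # chaddr, sname, file left empty
    options = b"\x35\x01\x02" + b"\x36\x04" + socket.inet_aton(server_ip) + b"\xff"
    return header + MAGIC_COOKIE + options
```

The source MAC of a flagged reply is what you would then look up in the switch's address table to find the port to shut off.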

by pcorneillie In reply to

But they need to receive a DHCP address from our DHCP server. Filtering all DHCP traffic is by consequence not reasonable. Unless DHCP traffic can be arranged very strictly?

by pcorneillie In reply to rough dhcp servers

This question was closed by the author
