miT Posted July 20, 2009 Share Posted July 20, 2009 Download available @ http://timashley.me/node/126 Rogue DHCP servers are those DHCP servers that are misconfigured or unauthorized unknowingly or those that are configured with a malicious intent for network attacks. Either be the case the impact on clients that are serviced by the rogue DHCP servers are critical. That is the clients would experience network access problems due to rogue DHCP server leasing incorrect IP addresses & incorrect options to the client. Security threats are caused when malicious user with rogue DHCP server can spread bad network parameters and thereby sniff the traffic sent by the clients. There are also certain Trojans like DNS-changing that uses a compromised machine in the network to pollute the network by installing rogue DHCP servers on the machine. Rogue detection tool is a GUI tool that checks if there are any rogue DHCP servers in the local subnet. Following are the features with this tool: 1. The tool can be run one time or can be scheduled to run at specified interval. 2. Can be run on a specified interface by selecting one of the discovered interfaces. 3. Retrieves all the authorized DHCP servers in the forest and displays them. 4. Ability to validate (not Authorize in AD) a DHCP server which is not rogue and persist this information 5. Minimize the tool, which makes it invisible. A tray icon will be present which would display the status Quote Link to comment Share on other sites More sharing options...
digininja Posted July 21, 2009 Share Posted July 21, 2009 That is interesting because I'm working on a project to build a Metasploit module to do DHCP attacks. I'll have to give this a test, see if I can get round it. Quote Link to comment Share on other sites More sharing options...
miT Posted July 21, 2009 Author Share Posted July 21, 2009 That is interesting because I'm working on a project to build a Metasploit module to do DHCP attacks. I'll have to give this a test, see if I can get round it. Please do! Let me know how the progress goes :) Quote Link to comment Share on other sites More sharing options...
puzOpia Posted July 30, 2009 Share Posted July 30, 2009 I've had a couple of instances of rogue DHCP servers on my networks. They cause all sorts of confusion and mayhem... until I find them and break them into little pieces. This tool sounds pretty awesome and right up my alley. I think I'll play.... thanks. Quote Link to comment Share on other sites More sharing options...
operat0r_001 Posted August 13, 2009 Share Posted August 13, 2009 snort out snort it has all that .. also theres also Karmetasploit Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.