Jump to content


Photo
- - - - -

Detect Rogue DHCP Servers on Windows

Started by miT, Jul 20 2009 01:51 PM

  • Please log in to reply
4 replies to this topic

#1 miT

miT

    I like ponies!

  • Active Members
  • PipPipPipPipPip
  • 163 posts
  • Gender:Male
  • Location:Los Angeles, CA
  • Interests:I'll let you take a WILD guess (hence this site)

Posted 20 July 2009 - 01:51 PM

Download available @ http://timashley.me/node/126

Rogue DHCP servers are those DHCP servers that are misconfigured or unauthorized unknowingly or those that are configured with a malicious intent for network attacks. Either be the case the impact on clients that are serviced by the rogue DHCP servers are critical. That is the clients would experience network access problems due to rogue DHCP server leasing incorrect IP addresses & incorrect options to the client. Security threats are caused when malicious user with rogue DHCP server can spread bad network parameters and thereby sniff the traffic sent by the clients. There are also certain Trojans like DNS-changing that uses a compromised machine in the network to pollute the network by installing rogue DHCP servers on the machine.

Rogue detection tool is a GUI tool that checks if there are any rogue DHCP servers in the local subnet.

Following are the features with this tool:

1. The tool can be run one time or can be scheduled to run at specified interval.

2. Can be run on a specified interface by selecting one of the discovered interfaces.

3. Retrieves all the authorized DHCP servers in the forest and displays them.

4. Ability to validate (not Authorize in AD) a DHCP server which is not rogue and persist this information

5. Minimize the tool, which makes it invisible. A tray icon will be present which would display the status
/miT

[ OMGIRC.com ] - Need help? Join our chat for instant assistance!

[ TimAshley.me ] - My personal blog

#2 digininja

digininja

    Elite

  • Global Moderators
  • PipPipPipPipPipPipPipPipPipPipPipPip
  • 2,457 posts
  • Gender:Male
  • Location:Sheffield, UK

Posted 21 July 2009 - 10:46 AM

That is interesting because I'm working on a project to build a Metasploit module to do DHCP attacks. I'll have to give this a test, see if I can get round it.
Digininja.org - General IT and Security stuff
Jasager Homepage
Interceptor Homepage

#3 miT

miT

    I like ponies!

  • Active Members
  • PipPipPipPipPip
  • 163 posts
  • Gender:Male
  • Location:Los Angeles, CA
  • Interests:I'll let you take a WILD guess (hence this site)

Posted 21 July 2009 - 11:27 AM

QUOTE (digininja @ Tue, 21 Jul 2009 08:46:22 +0000) <{POST_SNAPBACK}>
That is interesting because I'm working on a project to build a Metasploit module to do DHCP attacks. I'll have to give this a test, see if I can get round it.


Please do! Let me know how the progress goes smile.gif
/miT

[ OMGIRC.com ] - Need help? Join our chat for instant assistance!

[ TimAshley.me ] - My personal blog

#4 puzOpia

puzOpia

    Hak5 Fan

  • Active Members
  • PipPip
  • 31 posts
  • Gender:Male

Posted 30 July 2009 - 06:56 PM

I've had a couple of instances of rogue DHCP servers on my networks. They cause all sorts of confusion and mayhem... until I find them and break them into little pieces. This tool sounds pretty awesome and right up my alley. I think I'll play.... thanks.
Join AppleHaters!

#5 operat0r_001

operat0r_001

    Hak5 Pirate

  • Active Members
  • PipPipPipPipPipPip
  • 314 posts

Posted 13 August 2009 - 12:17 PM

snort out snort it has all that .. also theres also Karmetasploit
Scripts




E.T PWN HOME
Back to Security


0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Hak5 Forums
  2. Talk:
  3. Security
  4. Privacy Policy