Jump to content

Detect Rogue DHCP Servers on Windows


Recommended Posts

Download available @ http://timashley.me/node/126

Rogue DHCP servers are those DHCP servers that are misconfigured or unauthorized unknowingly or those that are configured with a malicious intent for network attacks. Either be the case the impact on clients that are serviced by the rogue DHCP servers are critical. That is the clients would experience network access problems due to rogue DHCP server leasing incorrect IP addresses & incorrect options to the client. Security threats are caused when malicious user with rogue DHCP server can spread bad network parameters and thereby sniff the traffic sent by the clients. There are also certain Trojans like DNS-changing that uses a compromised machine in the network to pollute the network by installing rogue DHCP servers on the machine.

Rogue detection tool is a GUI tool that checks if there are any rogue DHCP servers in the local subnet.

Following are the features with this tool:

1. The tool can be run one time or can be scheduled to run at specified interval.

2. Can be run on a specified interface by selecting one of the discovered interfaces.

3. Retrieves all the authorized DHCP servers in the forest and displays them.

4. Ability to validate (not Authorize in AD) a DHCP server which is not rogue and persist this information

5. Minimize the tool, which makes it invisible. A tray icon will be present which would display the status

Link to comment
Share on other sites

That is interesting because I'm working on a project to build a Metasploit module to do DHCP attacks. I'll have to give this a test, see if I can get round it.

Please do! Let me know how the progress goes :)

Link to comment
Share on other sites

  • 2 weeks later...

I've had a couple of instances of rogue DHCP servers on my networks. They cause all sorts of confusion and mayhem... until I find them and break them into little pieces. This tool sounds pretty awesome and right up my alley. I think I'll play.... thanks.

Link to comment
Share on other sites

  • 2 weeks later...

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Recently Browsing   0 members

    • No registered users viewing this page.
  • Create New...