bpl5000
asked on
Finding rogue DHCP servers
I am trying to setup a way to be alerted if rogue DHCP servers show up on our network. I tried using dhcploc.exe, but the alert fails with "NetMessageBufferSend error failed 2273". I think this utility uses "net send" to send the alert so maybe I need to open something up to allow this.
I'm not stuck on using dhcploc.exe so if someone has a better utility, I'm all ears!
Thanks!
BPL
I'm not stuck on using dhcploc.exe so if someone has a better utility, I'm all ears!
Thanks!
BPL
ASKER
The reason I was getting this error was do to the 'Messenger' service being disabled on the PC receiving the alert.
ASKER
Does anyone know a better way to find rogue DHCP servers? dhcploc.exe works fine, but you have to launch it in each subnet. I'd like a way to find rogue dhcp servers across subnets.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
I've been using this tool in a student housing network...
http://www.sqlsecurity.com/Tools/CommercialTools/tabid/71/Default.aspx
It's called DHCP Sentry and it will run on a server or client PC and wait for a rogue broadcast. It will identify the rogue servers by MAC address of the NIC card and will email a report if you wish. It can also launch a batch process and pass the IP and MAC to the process. It is command line based and runs in a command window. No GUI.
It's inexpensive and works. It helped me find and eliminate a server that had taken down my network.
http://www.sqlsecurity.com/Tools/CommercialTools/tabid/71/Default.aspx
It's called DHCP Sentry and it will run on a server or client PC and wait for a rogue broadcast. It will identify the rogue servers by MAC address of the NIC card and will email a report if you wish. It can also launch a batch process and pass the IP and MAC to the process. It is command line based and runs in a command window. No GUI.
It's inexpensive and works. It helped me find and eliminate a server that had taken down my network.
- see if dhcploc returns a different exit code if it found new dhcp servers or only the ones you predefined
- you can also use /p option so suppress the output for all predefined dhcp servers, then based on the contents of the output either send an email or skip it.
In any case you'd probably need to write a VBScript shell script - I don't think a CMD would do.