bpl5000

Finding rogue DHCP servers

I am trying to set up a way to be alerted if rogue DHCP servers show up on our network. I tried using dhcploc.exe, but the alert fails with "NetMessageBufferSend error failed 2273". I think this utility uses "net send" to send the alert so maybe I need to open something up to allow this.

I'm not stuck on using dhcploc.exe so if someone has a better utility, I'm all ears!

Thanks!
BPL
m1tk4

A couple of suggestions:

- See if dhcploc returns a different exit code if it found new DHCP servers or only the ones you predefined.
- You can also use the /p option to suppress the output for all predefined DHCP servers, then based on the contents of the output either send an email or skip it.

In any case you'd probably need to write a VBScript shell script - I don't think a CMD would do.
bpl5000

ASKER

The reason I was getting this error was due to the 'Messenger' service being disabled on the PC receiving the alert.
bpl5000

ASKER

Does anyone know a better way to find rogue DHCP servers? dhcploc.exe works fine, but you have to launch it in each subnet. I'd like a way to find rogue DHCP servers across subnets.
ASKER CERTIFIED SOLUTION
brian_36526
I've been using this tool in a student housing network...

http://www.sqlsecurity.com/Tools/CommercialTools/tabid/71/Default.aspx

It's called DHCP Sentry and it will run on a server or client PC and wait for a rogue broadcast. It will identify the rogue servers by MAC address of the NIC card and will email a report if you wish. It can also launch a batch process and pass the IP and MAC to the process. It is command line based and runs in a command window. No GUI.

It's inexpensive and works. It helped me find and eliminate a server that had taken down my network.
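
The check that a listener of the kind discussed in this thread has to make, as an added example that is not part of the original posts and is not code from dhcploc or DHCP Sentry: parse each DHCP reply, read the server identifier (option 54), and flag any server that is not on an allowlist. The function names, addresses and MACs are assumptions, and the packets are constructed in the script rather than captured.

```python
import socket

MAGIC_COOKIE = b"\x63\x82\x53\x63"          # marks the start of DHCP options (RFC 2131)
SERVER_MSG_TYPES = {2: "OFFER", 5: "ACK", 6: "NAK"}  # option 53 values only servers send

def parse_dhcp_reply(payload):
    """Return (message type, server IP) for a server-originated DHCP message, else None."""
    # 236-byte BOOTP header + 4-byte cookie; op == 2 means BOOTREPLY
    if len(payload) < 240 or payload[0] != 2 or payload[236:240] != MAGIC_COOKIE:
        return None
    options, i = {}, 240
    while i < len(payload) and payload[i] != 255:   # 255 = end option
        if payload[i] == 0:                          # 0 = pad, has no length byte
            i += 1
            continue
        if i + 1 >= len(payload):
            return None                              # truncated option header
        length = payload[i + 1]
        value = payload[i + 2:i + 2 + length]
        if len(value) != length:
            return None                              # truncated option body
        options[payload[i]] = value
        i += 2 + length
    msg_type = options.get(53, b"")                  # DHCP message type
    server_id = options.get(54, b"")                 # server identifier
    if len(msg_type) != 1 or msg_type[0] not in SERVER_MSG_TYPES or len(server_id) != 4:
        return None
    return SERVER_MSG_TYPES[msg_type[0]], socket.inet_ntoa(server_id)

def find_rogues(frames, authorized):
    """frames: (source MAC, UDP payload) pairs. Return sorted (server IP, MAC) not authorized."""
    rogues = set()
    for mac, payload in frames:
        parsed = parse_dhcp_reply(payload)
        if parsed and parsed[1] not in authorized:
            rogues.add((parsed[1], mac))
    return sorted(rogues)

def build_message(op, msg_type, server_ip):
    """Construct a minimal DHCP payload for the demonstration (not captured traffic)."""
    options = bytes([53, 1, msg_type, 54, 4]) + socket.inet_aton(server_ip) + b"\xff"
    return bytes([op, 1, 6, 0]) + bytes(232) + MAGIC_COOKIE + options

# Constructed sample: addresses and MACs are made up for the example.
AUTHORIZED = {"10.0.0.1"}
SAMPLE = [
    ("00:11:22:33:44:55", build_message(2, 2, "10.0.0.1")),     # OFFER from the known server
    ("02:00:00:aa:bb:cc", build_message(2, 2, "192.168.1.1")),  # OFFER from an unknown server
    ("02:00:00:aa:bb:cc", build_message(2, 5, "192.168.1.1")),  # ACK from the same unknown server
    ("02:00:00:dd:ee:ff", build_message(1, 1, "0.0.0.0")),      # client DISCOVER, ignored
]

if __name__ == "__main__":
    for ip, mac in find_rogues(SAMPLE, AUTHORIZED):
        print(f"ALERT unauthorized DHCP server {ip} (MAC {mac})")
```
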