?
Solved

Rogue DHCP Server Prevention

Posted on 2009-04-01
3
Medium Priority
?
688 Views
Last Modified: 2012-05-06
I am a network engineer for a company as a contractor and have recently been given a new account.  This account has a problem with a rogue DHCP server.  Another DHCP server comes online with an address of 192.168.0.1 and starts handing out phony DHCP leases to all the unsuspecting clients in my active directory.  Now my DC has DHCP setup on it as well, and when it sees this phony DHCP server it says there's another DHCP server on the network and stops the DHCP server service.  This seems to happen every other week for a few hours, then it goes away.  What would be the best solution to finding this rogue device and stopping it from assigning DHCP leases?  And is there a way to configure AD to not shut down the server when it sees the192 server?
0
Comment
Question by:Firefistus
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
3 Comments
 
LVL 39

Expert Comment

by:ChiefIT
ID: 24046572
The above advice is what I would have provided:

However, 192.168.0.1 is usually a router.

For microsoft DHCP servers,  you MUST manuall authorize them to be a DHCP server. Usually rogue DHCP servers are MASS STORAGE devices, (nas servers) or ROUTERS. These devices come default as providing DHCP often.
0
 

Accepted Solution

by:
Firefistus earned 0 total points
ID: 24063393
I actually configured my layer 3 switch to block DHCP on all ports except my real DHCP server.  I will see if that takes care of the issue.  Since it only happens on certain days I am going to try to find out who comes into the building that specific day and see if there's a PC or Mac setup to run DHCP.
0

Featured Post

What does it mean to be "Always On"?

Is your cloud always on? With an Always On cloud you won't have to worry about downtime for maintenance or software application code updates, ensuring that your bottom line isn't affected.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Setting up a Microsoft WSUS update system is free relatively speaking if you have hard disk space and processor capacity.   However, WSUS can be a blessing and a curse. For example, there is nothing worse than approving updates and they just have…
This article provides a convenient collection of links to Microsoft provided Security Patches for operating systems that have reached their End of Life support cycle. Included operating systems covered by this article are Windows XP,  Windows Server…
Visualize your data even better in Access queries. Given a date and a value, this lesson shows how to compare that value with the previous value, calculate the difference, and display a circle if the value is the same, an up triangle if it increased…
Sometimes it takes a new vantage point, apart from our everyday security practices, to truly see our Active Directory (AD) vulnerabilities. We get used to implementing the same techniques and checking the same areas for a breach. This pattern can re…
Suggested Courses

800 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question