Solved

Rogue DHCP Server Prevention

Posted on 2009-04-01
3
669 Views
Last Modified: 2012-05-06
I am a network engineer for a company as a contractor and have recently been given a new account.  This account has a problem with a rogue DHCP server.  Another DHCP server comes online with an address of 192.168.0.1 and starts handing out phony DHCP leases to all the unsuspecting clients in my active directory.  Now my DC has DHCP setup on it as well, and when it sees this phony DHCP server it says there's another DHCP server on the network and stops the DHCP server service.  This seems to happen every other week for a few hours, then it goes away.  What would be the best solution to finding this rogue device and stopping it from assigning DHCP leases?  And is there a way to configure AD to not shut down the server when it sees the192 server?
0
Comment
Question by:Firefistus
3 Comments
 
LVL 47

Expert Comment

by:Donald Stewart
ID: 24044411
0
 
LVL 38

Expert Comment

by:ChiefIT
ID: 24046572
The above advice is what I would have provided:

However, 192.168.0.1 is usually a router.

For microsoft DHCP servers,  you MUST manuall authorize them to be a DHCP server. Usually rogue DHCP servers are MASS STORAGE devices, (nas servers) or ROUTERS. These devices come default as providing DHCP often.
0
 

Accepted Solution

by:
Firefistus earned 0 total points
ID: 24063393
I actually configured my layer 3 switch to block DHCP on all ports except my real DHCP server.  I will see if that takes care of the issue.  Since it only happens on certain days I am going to try to find out who comes into the building that specific day and see if there's a PC or Mac setup to run DHCP.
0

Featured Post

Netscaler Common Configuration How To guides

If you use NetScaler you will want to see these guides. The NetScaler How To Guides show administrators how to get NetScaler up and configured by providing instructions for common scenarios and some not so common ones.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Numerous times I have been asked this questions that what is it that makes my machine log on so slow, there have been cases where computers took 23 minute exactly after taking password and getting to the desktop. Interesting thing was the fact th…
Many of us need to configure DHCP server(s) in their environment. We can do that simply via DHCP console on server or using MMC snap-in on each computer with Administrative Tools installed in a network. But what if we have to configure many DHCP ser…
This is used to tweak the memory usage for your computer, it is used for servers more so than workstations but just be careful editing registry settings as it may cause irreversible results. I hold no responsibility for anything you do to the regist…
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …

806 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question