Rogue DHCP Server Prevention
Posted on 2009-04-01
I am a network engineer for a company as a contractor and have recently been given a new account. This account has a problem with a rogue DHCP server. Another DHCP server comes online with an address of 192.168.0.1 and starts handing out phony DHCP leases to all the unsuspecting clients in my active directory. Now my DC has DHCP setup on it as well, and when it sees this phony DHCP server it says there's another DHCP server on the network and stops the DHCP server service. This seems to happen every other week for a few hours, then it goes away. What would be the best solution to finding this rogue device and stopping it from assigning DHCP leases? And is there a way to configure AD to not shut down the server when it sees the192 server?