Solved

Rogue DHCP Server Prevention

Posted on 2009-04-01
3
676 Views
Last Modified: 2012-05-06
I am a network engineer for a company as a contractor and have recently been given a new account.  This account has a problem with a rogue DHCP server.  Another DHCP server comes online with an address of 192.168.0.1 and starts handing out phony DHCP leases to all the unsuspecting clients in my active directory.  Now my DC has DHCP setup on it as well, and when it sees this phony DHCP server it says there's another DHCP server on the network and stops the DHCP server service.  This seems to happen every other week for a few hours, then it goes away.  What would be the best solution to finding this rogue device and stopping it from assigning DHCP leases?  And is there a way to configure AD to not shut down the server when it sees the192 server?
0
Comment
Question by:Firefistus
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
3 Comments
 
LVL 47

Expert Comment

by:Donald Stewart
ID: 24044411
0
 
LVL 38

Expert Comment

by:ChiefIT
ID: 24046572
The above advice is what I would have provided:

However, 192.168.0.1 is usually a router.

For microsoft DHCP servers,  you MUST manuall authorize them to be a DHCP server. Usually rogue DHCP servers are MASS STORAGE devices, (nas servers) or ROUTERS. These devices come default as providing DHCP often.
0
 

Accepted Solution

by:
Firefistus earned 0 total points
ID: 24063393
I actually configured my layer 3 switch to block DHCP on all ports except my real DHCP server.  I will see if that takes care of the issue.  Since it only happens on certain days I am going to try to find out who comes into the building that specific day and see if there's a PC or Mac setup to run DHCP.
0

Featured Post

Resolve Critical IT Incidents Fast

If your data, services or processes become compromised, your organization can suffer damage in just minutes and how fast you communicate during a major IT incident is everything. Learn how to immediately identify incidents & best practices to resolve them quickly and effectively.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Numerous times I have been asked this questions that what is it that makes my machine log on so slow, there have been cases where computers took 23 minute exactly after taking password and getting to the desktop. Interesting thing was the fact th…
Setting up a Microsoft WSUS update system is free relatively speaking if you have hard disk space and processor capacity.   However, WSUS can be a blessing and a curse. For example, there is nothing worse than approving updates and they just have…
The Email Laundry PDF encryption service allows companies to send confidential encrypted  emails to anybody. The PDF document can also contain attachments that are embedded in the encrypted PDF. The password is randomly generated by The Email Laundr…
A short tutorial showing how to set up an email signature in Outlook on the Web (previously known as OWA). For free email signatures designs, visit https://www.mail-signatures.com/articles/signature-templates/?sts=6651 If you want to manage em…

730 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question