• Status: Solved

How to avoid rogue DHCP servers?

Hi,

I had a DHCP problem in my network right now and the reason was that someone had plugged in his private Wifi router that started giving out IP addresses from its own range ...

How could I prevent (on a technical level) something like this happening again?

(Windows 2008 Domain)

Thank you!
Asked:
Xeronimo
 
Paul 1 Commented:
The non-tech way is better: when you find the device, disable it with a hammer!

Here is the other way:
http://technet.microsoft.com/en-us/library/cc754792.aspx
0
 
Xeronimo (Author) Commented:
Haha, yes!

As for authorization, my DHCP server (which is also a DC) has been authorized though ... and doesn't your link there only refer to DHCP servers that run on Windows servers? In my case it was a wifi router that started attributing IP addresses ... how would I prevent it from doing this?
0
 
cwstad2 Commented:
Are you able to configure your network switches to block DHCP on all ports except that of the server?
0
 
Xeronimo (Author) Commented:
cwstad: I guess I should be able to do that, it's a HP ProCurve. But I've not yet done something like that ... Is it similar to restricting traffic on firewalls?
0
 
cwstad2 Commented:
I doubt if you can on that model. Our network guys have configured it on Cisco equipment.
0
 
Xeronimo (Author) Commented:
Ok, I'll see what I can do!
0
 
Miftaul Commented:
If you use Cisco switches, configure DHCP snooping on switchports to stop rogue DHCP servers.
0
 
TimotiSt (Datacenter Technician) Commented:
If you can post the exact model of your switch, I can check if it supports DHCP snooping.

Tamas
0
 
Xeronimo (Author) Commented:
Hi, it's a HP ProCurve 4240vl

Thanks!
0
 
cwstad2 Commented:
Take a look here. Worth a try. We have a couple in IT but only for desktop switches.

http://integratingit.wordpress.com/2012/08/13/configuring-dhcp-snooping-on-hp-procurve-switches/
0
 
TimotiSt (Datacenter Technician) Commented:
That's good, the 4200vl series supports DHCP snooping since firmware L.10.09.

Config example from a 3400 series box:
dhcp-snooping
no dhcp-snooping option 82
no dhcp-snooping verify mac
dhcp-snooping vlan 23 
!
interface 47
   mdix-mode mdix
   exit
interface 48
   mdix-mode mdix
   exit
interface 49
   dhcp-snooping trust
   exit
interface Trk4
   dhcp-snooping trust
   exit


0
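Added example (not part of the thread, and not HP's implementation): a simplified Python model of the filtering decision that the DHCP snooping configuration above asks the switch to make, so the effect of `dhcp-snooping trust` can be checked against sample packets. The trusted ports and VLAN come from the posted config; port "12", VLAN 10 and the packet builder are assumptions made for the illustration.

```python
MAGIC_COOKIE = b"\x63\x82\x53\x63"             # marks the start of DHCP options (RFC 2131)
SERVER_MSG = {2: "OFFER", 5: "ACK", 6: "NAK"}  # option 53 values only a server sends
SNOOPED_VLANS = {23}                           # from "dhcp-snooping vlan 23"
TRUSTED_PORTS = {"49", "Trk4"}                 # from "dhcp-snooping trust"

def dhcp_message_type(payload):
    """Return the DHCP message type (option 53), or None if absent or malformed."""
    if len(payload) < 240 or payload[236:240] != MAGIC_COOKIE:
        return None
    i = 240
    while i < len(payload):
        code = payload[i]
        if code == 255:                # end option
            return None
        if code == 0:                  # pad option has no length byte
            i += 1
            continue
        if i + 1 >= len(payload):
            return None                # truncated before the length byte
        length = payload[i + 1]
        value = payload[i + 2:i + 2 + length]
        if len(value) != length:
            return None                # option runs past the end of the packet
        if code == 53 and length == 1:
            return value[0]
        i += 2 + length
    return None

def snoop(port, vlan, payload):
    """Return (verdict, reason) for a DHCP payload received on a switch port."""
    if vlan not in SNOOPED_VLANS:
        return ("forward", "vlan not snooped")
    if port in TRUSTED_PORTS:
        return ("forward", "trusted port")
    mtype = dhcp_message_type(payload)
    if mtype in SERVER_MSG or (payload and payload[0] == 2):   # op 2 = BOOTREPLY
        return ("drop", "server reply on untrusted port: " + SERVER_MSG.get(mtype, "BOOTREPLY"))
    return ("forward", "client message")

def build_dhcp(op, mtype):
    """Constructed sample packet: 236-byte BOOTP header, cookie, option 53, end."""
    return bytes([op, 1, 6, 0]) + bytes(232) + MAGIC_COOKIE + bytes([53, 1, mtype, 255])

if __name__ == "__main__":
    rogue_offer = build_dhcp(2, 2)     # the kind of reply the Wi-Fi router in the question sends
    discover = build_dhcp(1, 1)        # ordinary client broadcast
    for port, pkt in [("12", rogue_offer), ("49", rogue_offer), ("12", discover)]:
        print(port, snoop(port, 23, pkt))
```

Any port not marked trusted is treated as untrusted, so the legitimate server's port and every uplink or trunk toward it must carry `dhcp-snooping trust`, otherwise its replies are dropped as well.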