From: Edward Monk (emonk@xxxxxxx)
Date: Fri Aug 30 2002 - 12:33:50 GMT-3
Neil,
I am assuming someone has set up an illegal DHCP server. The easiest way
without disrupting your DHCP services more than they already are is to
use a Sniffer and catch the DHCPOFFER. Here is a link on Cisco's site
that will tell you exactly how to do it on a LAN. It is a
troubleshooting document but it is obvious how this would work in your
situation in finding the Mac and the IP of the offending PC.
If you have a router in the link you could use debug and monitor DHCP
requests and get the same information by observing the DHCPOFFERs as
well from the terminal.
http://www.cisco.com/warp/public/473/100.html
-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
Chuck Church
Sent: Friday, August 30, 2002 8:44 AM
To: 'Neil G. Legada'; 'ccielab@groupstudy.com'
Subject: RE: Illegal DHCP Servers
Neil,
The easy way would be to disconnect/disable all your authorized
DHCP
servers temporarily, then try to obtain an address on something. If you
get
an address, the illegal one should be listed as the DHCP server on that
client.
Chuck Church
CCIE #8776, MCNE, MCSE
Sr. Network Engineer
Magnacom Technologies
140 N. Rt. 303
Valley Cottage, NY 10989
845-267-4000
-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com]On Behalf Of
Neil G. Legada
Sent: Friday, August 30, 2002 9:51 AM
To: ccielab@groupstudy.com
Subject: OT: Illegal DHCP Servers
Hello Group,
Is there a way to detect unauthorized DHCP servers within a LAN ???
Appreciate any feedback.
Thanks and regards,
Neil
This archive was generated by hypermail 2.1.4 : Sat Sep 07 2002 - 19:48:43 GMT-3