Security Basics mailing list archives
Re: unknown IP delivering DHCP
From: Kurt Buff <kurt.buff () gmail com>
Date: Sun, 15 Apr 2012 21:30:27 -0700
On Fri, Apr 13, 2012 at 02:48, Dirty Mortain <dirtymortain () gmail com> wrote:
Hello. In my LAN I'm using the network 192.0.0.0/24 with a DHCP (192.0.0.14) delivering for the entire LAN through 3 smart switches. machine is it (a smart and humanized machine) and block it?
That depends on your switches and how smart they are. Can you set them up with a monitor/mirror/span port? Can you print the MAC table on each one and tell which MAC addresses are associated with each port? If you can do both, then your task will be relatively easy - set up one port on each switch to monitor all of the other ports on that switch (except the port that connects it to the production network), using wireshark, and issue a DHCP request. Filter out answers from your production DHCP server. When the rogue DHCP server answers, you'll get its MAC address, and be able to find which port it's on by examining the MAC address table for each switch. If the above facilities aren't available on your switches, you can do the following, which will be *very* tedious, and intrusive, and should be done outside of business hours: 1) Disconnect one of your switches from the production network 2) Put one of your machines on that switch and do an address release and renew. 3a) If you don't get an answer, put that switch back on the network, and go to your next switch. 3b) If it gets an address, the rogue DHCP server is on that switch. 3b1) Disconnect one port from that switch, and try step 2) again. Repeat until you've found the port that, when disconnected, prevents the rogue DHCP server from answering. Kurt ------------------------------------------------------------------------ Securing Apache Web Server with thawte Digital Certificate In this guide we examine the importance of Apache-SSL and who needs an SSL certificate. We look at how SSL works, how it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates. http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1 ------------------------------------------------------------------------
Current thread:
- unknown IP delivering DHCP Dirty Mortain (Apr 15)
- Re: unknown IP delivering DHCP Kurt Buff (Apr 15)
- Re: unknown IP delivering DHCP Ansgar Wiechers (Apr 16)
- Re: unknown IP delivering DHCP Dirty Mortain (Apr 16)
- Re: unknown IP delivering DHCP Jason Hellenthal (Apr 16)
- Re: unknown IP delivering DHCP Don Thomas (Apr 16)
- Message not available
- Re: unknown IP delivering DHCP Dirty Mortain (Apr 16)