RE: Bogus DHCP server in the network....

["Baribault, Gary" <gary.baribault () videotron net>]

With the guy's MAC and IP why cant the cable provider just disconnect him?

If they have his mac they can trace him and just remove his cable modem from
service or block the DHCP forwarding on his port or a million other things!

Gary Baribault
Network Architect


-----Original Message-----
From: owner-firewall-wizards () lists nfr net
[mailto:owner-firewall-wizards () lists nfr net]On Behalf Of TUDOR
PANAITESCU
Sent: Sunday, October 03, 1999 7:38 AM
To: firewall-wizards () nfr net
Subject: Bogus DHCP server in the network....


Hello fellow wizards,

Here's the picture. I am a client of Adelphia PowerLink CableTV. They use
DHCP
for giving IP addresses. In the last weeks a bogus DHCP server showed up
into
the network giving addresses in 192.168.244.128/25. The guy is using
aliasing
on his Ethernet interface, he has an address aquired from the ISP in the
ISP's
range and he configured his interface with 192.168.244.129 too. I have his
MAC. He gives DNS services. The system the hacker uses is totally protected,
no ports are "visible" to allow to try to do something to his system (can
syn
flood be a solution?). Some time ago the hacker provided forwarding also but
now he's not forwarding anymore anoying lots of people in the net as they
don't have access to the INTERNET. I believe it is a UNIX box, most likely
LINUX with NAT. Now here comes the question: is anything there we can do to
block this guy ?

Any answer will be greately appreciated. I will sumarize also for archiving
purposes.

TIA & best regards,
Tudor

____________________________________________________________________
Get free email and a permanent address at http://www.netaddress.com/?N=1