Rogue DHCP and nmap

Allen Chang allen at
Tue Apr 23 21:20:11 GMT 2002

We had some fun tracking a rogue DHCP server down and did an nmap
on our subnet for UDP port 67. We ended up with 2-3 computers but only 1 of
them was actually the culprit. Does anyone have experience with this?

Aside from the false positives, we believe that this is a pretty effective
way of remotely looking for a rogue DHCP server and will probably use it
in the future since it beats plugging something into the subnet and
logging. Comments?

Network Security
Office of Residential Computing
UC Berkeley
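
An added example, not part of the original post: one way to tell which host that answers on UDP port 67 is actually handing out leases is to read the server identifier (option 54) from DHCP replies seen on the subnet and compare it with the authorized servers. The addresses, the allowlist and the sample packets below are constructed for illustration.

```python
import socket
import struct

MAGIC_COOKIE = b"\x63\x82\x53\x63"
AUTHORIZED_SERVERS = {"192.0.2.1"}  # assumption: the site's legitimate DHCP server(s)

def parse_dhcp_reply(payload):
    """Return (message_type, server_id) from a BOOTP/DHCP UDP payload, or None."""
    if len(payload) < 240 or payload[0] != 2 or payload[236:240] != MAGIC_COOKIE:
        return None  # not a BOOTREPLY carrying DHCP options
    msg_type, server_id = None, None
    i = 240
    while i < len(payload):
        code = payload[i]
        if code == 255:      # end option
            break
        if code == 0:        # pad option has no length byte
            i += 1
            continue
        if i + 1 >= len(payload):
            break            # option code with no length byte
        length = payload[i + 1]
        value = payload[i + 2:i + 2 + length]
        if len(value) < length:
            break            # truncated option
        if code == 53 and length == 1:
            msg_type = value[0]
        elif code == 54 and length == 4:
            server_id = socket.inet_ntoa(value)
        i += 2 + length
    return msg_type, server_id

def rogue_servers(payloads, authorized=AUTHORIZED_SERVERS):
    """Unauthorized server identifiers seen in DHCPOFFER (2) or DHCPACK (5) replies."""
    seen = set()
    for p in payloads:
        parsed = parse_dhcp_reply(p)
        if parsed and parsed[0] in (2, 5) and parsed[1]:
            seen.add(parsed[1])
    return sorted(seen - set(authorized))

def build_reply(msg_type, server_ip):
    """Constructed sample reply for the demo, not captured traffic."""
    header = struct.pack("!BBBBIHH", 2, 1, 6, 0, 0x1234, 0, 0) + bytes(16) + bytes(16 + 64 + 128)
    options = bytes([53, 1, msg_type, 54, 4]) + socket.inet_aton(server_ip) + b"\xff"
    return header + MAGIC_COOKIE + options

SAMPLES = [build_reply(2, "192.0.2.1"), build_reply(2, "192.0.2.77"), build_reply(5, "192.0.2.1")]

if __name__ == "__main__":
    print(rogue_servers(SAMPLES))
```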
