Rogue DHCP and nmap

Allen Chang allen at rescomp.berkeley.edu
Tue Apr 23 21:20:11 GMT 2002


Hi,
        We had some fun tracking a rogue DHCP server down and did a nmap
on our subnet for UDP port 67. We ended up 2-3 computers but only 1 of
them was actually the culprit. Does anyone have experience with this?

Aside from the false positives, we believe that this is a pretty effective
way of remotely looking for a rogue DHCP server and will probably use it
in the future since it beats plugging something into the subnet and
logging. Comments?

@llen
Network Security
Office of Residential Computing
UC Berkeley



More information about the unisog mailing list