Locate rogue DHCP server

Posted by Farseeker on Server Fault
Published on 2010-01-12T01:26:19Z Indexed on 2010/03/24 8:43 UTC

I know this is a serious long shot, but here we go.

In the past week or so, users connected to a particular switch in our network (there are four dumb switches all connected, and it only affects SOME, not all, users on the one switch) are getting DHCP addresses from a rogue DHCP server.

I have physically checked every cable plugged into the switch in question to make sure that none of them have a router or wifi point attached to it. I know the IP of the DHCP server, but I cannot ping it, and it does not have a web interface.

Does anyone have any suggestions on what I can do to locate it or shut it down? Unfortunately all the switches are unmanaged, and as mentioned, there's no physical device (that I can find) plugged in to anything.

It's getting critical, because it's screwing up the PXE boot of a whole bunch of thin clients.

© Server Fault or respective owner
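
On a flat layer-2 segment like the one described, a DHCP server that does not answer ping still puts its MAC address in the Ethernet source field of every reply it sends. The following is an added example, not part of the original post: it parses captured Ethernet frames and lists DHCP replies whose server identifier (option 54) is not on an allowlist. All addresses, frames and function names are constructed for illustration.

```python
import socket
import struct

MAGIC = b"\x63\x82\x53\x63"  # DHCP magic cookie (RFC 2131)

def build_offer(mac, server_ip, offered_ip):
    """Constructed sample DHCPOFFER frame (checksums zero; the parser ignores them)."""
    opts = b"\x35\x01\x02" + b"\x36\x04" + socket.inet_aton(server_ip) + b"\xff"
    bootp = (b"\x02\x01\x06\x00" + bytes(12) + socket.inet_aton(offered_ip)
             + bytes(216) + MAGIC + opts)
    udp = struct.pack("!HHHH", 67, 68, 8 + len(bootp), 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 28 + len(bootp), 0, 0, 64, 17, 0,
                     socket.inet_aton(server_ip), b"\xff" * 4)
    return b"\xff" * 6 + bytes.fromhex(mac.replace(":", "")) + b"\x08\x00" + ip + udp + bootp

def parse_offer(frame):
    """Return details of a DHCP OFFER/ACK in an Ethernet II frame, else None."""
    if len(frame) < 282 or frame[12:14] != b"\x08\x00" or frame[23] != 17:
        return None                              # need IPv4 + UDP + full BOOTP header
    udp = 14 + (frame[14] & 0x0F) * 4            # honour the IPv4 header length
    sport = struct.unpack("!H", frame[udp:udp + 2])[0]
    bootp = frame[udp + 8:]
    if sport != 67 or len(bootp) < 240 or bootp[236:240] != MAGIC:
        return None
    opts, i = {}, 240
    while i + 1 < len(bootp) and bootp[i] != 255:    # 255 = end option
        if bootp[i] == 0:                            # 0 = pad, has no length byte
            i += 1
            continue
        length = bootp[i + 1]
        opts[bootp[i]] = bootp[i + 2:i + 2 + length]
        i += 2 + length
    if opts.get(53) not in (b"\x02", b"\x05"):       # 2 = OFFER, 5 = ACK
        return None
    sid = opts.get(54, b"")
    return {
        "server_mac": frame[6:12].hex(":"),          # layer-2 source of the reply
        "src_ip": socket.inet_ntoa(frame[26:30]),
        "server_id": socket.inet_ntoa(sid) if len(sid) == 4 else None,
        "offered_ip": socket.inet_ntoa(bootp[16:20]),
    }

def rogue_offers(frames, authorized):
    """List parsed replies whose server identifier is not an authorized server."""
    seen = (parse_offer(f) for f in frames)
    return [o for o in seen if o and o["server_id"] not in authorized]

AUTHORIZED = {"10.0.0.1"}                            # constructed allowlist
FRAMES = [build_offer("00:11:22:33:44:55", "10.0.0.1", "10.0.0.50"),
          build_offer("02:00:00:aa:bb:cc", "192.168.1.1", "192.168.1.100")]
```

The reported `server_mac` can be matched against the ARP and DHCP lease records of known machines, which also covers the case where the server is software running on an ordinary workstation rather than a separate device.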
