Locate rogue DHCP server
Posted
by Farseeker
on Server Fault
See other posts from Server Fault
or by Farseeker
Published on 2010-01-12T01:26:19Z
Indexed on
2010/03/24
8:43 UTC
Read the original article
Hit count: 595
I know this is a serious long shot, but here we go.
In the past week or so, for users connected to a particular switch in our network (there are four dumb switches all connected, and it only affects SOME, not all, users on the one switch) are getting DHCP addresses from a rogue DHCP server.
I have physically checked every cable plugged into the switch in question to make sure that none of them have a router or wifi point attached to it. I know the IP of the DHCP server, but I cannot ping it, and it does not have a web interface.
Does anyone have any suggestions on what I can do to locate it or shut it down? Unfortuantely all the switches are unmanaged, and as mentioned, there's no physical device (that I can find) plugged in to anything.
It's getting critical, because it's screwing up the PXE boot of a whole bunch of thin clients.
© Server Fault or respective owner