Archive for the ‘Networking’ Category

Find rogue DHCP servers with DHCPLOC

April 23rd, 2009
The DHCPLOC Utility in action

DHCP is a great tool, but it does have its weaknesses.  If your network is not secured properly, a lot of damage can be done by adding a rogue DHCP server to the mix.  Let’s say you have a DHCP server giving out an address range of 192.168.128.150.10 - 100.  The DHCP scope defines your gateway and DNS servers as well.  Now someone else comes along and wants a better WiFi signal in their area.  They set up a Linksys WiFi device at home with no problems, so how difficult can it be to install one at work?  I am going to point out again that you need to practice better security to avoid problems like this.  Security should be proactive, not reactive.  They purchase a Linksys device and slap it into the network port with the default config.  Now, not only do you have an unsecured wireless network broadcasting your network traffic (I’ll post about that later), you also have a DHCP server passing out bogus IP addresses to your clients, causing them to lose connection with your network.

If you ever find yourself in a situation like this, you need to find the rogue DHCP server as soon as possible.  You could start up Wireshark and sniff the network traffic, but there is an easier way.  DHCPLOC is a utility from Microsoft that allows you to send out a DHCP request and capture the DHCP offer data.

NOTE: DHCPLOC does work in Vista, but the installer does not.  I downloaded the toolkit from here: Windows XP Service Pack 2 Support Tools.  Then I used 7-Zip to extract all the files within the MS exe archive.  I then located the DHCPLOC utility and saved it to my USB drive.

To use DHCPLOC:

  1. Open a command prompt
  2. Type DHCPLOC <your IP address>
  3. It does not look like it’s doing anything, but it is.  Just hit enter and it will show you “Type d - to discover; q - to quit; h - for help.”
  4. Then hit “d” on the keyboard and wait a few seconds.  It will bring up all the DHCP offers that it has found.
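
The check behind those steps, as an added example that is not part of the original post or of DHCPLOC: it parses DHCP offers and flags any whose server identifier (option 54) is not on a list of authorized servers. The function names, the allowlist and all addresses are assumptions, and the sample packets are constructed in the script rather than captured.

```python
import socket
import struct

MAGIC_COOKIE = b"\x63\x82\x53\x63"   # marks the start of the DHCP options field
OFFER = 2                             # option 53 value for DHCPOFFER

def _ips(raw):
    """Split a run of packed IPv4 addresses into dotted-quad strings."""
    return [socket.inet_ntoa(raw[j:j + 4]) for j in range(0, len(raw) - 3, 4)]

def parse_offer(packet):
    """Return the fields of a DHCPOFFER as a dict, or None for anything else."""
    if len(packet) < 240 or packet[0] != 2 or packet[236:240] != MAGIC_COOKIE:
        return None                   # not a BOOTREPLY carrying DHCP options
    opts, i = {}, 240
    while i < len(packet) and packet[i] != 255:    # 255 = end option
        if packet[i] == 0:                         # 0 = pad, no length byte
            i += 1
            continue
        length = packet[i + 1] if i + 1 < len(packet) else 0
        value = packet[i + 2:i + 2 + length]
        if len(value) != length or i + 1 >= len(packet):
            return None               # truncated option, do not trust the packet
        opts[packet[i]] = value
        i += 2 + length
    if opts.get(53) != bytes([OFFER]) or len(opts.get(54, b"")) != 4:
        return None
    return {"server": _ips(opts[54])[0], "offered_ip": socket.inet_ntoa(packet[16:20]),
            "router": _ips(opts.get(3, b"")), "dns": _ips(opts.get(6, b""))}

def find_rogues(packets, authorized):
    """Offers whose server identifier (option 54) is not an authorized server."""
    offers = [o for o in map(parse_offer, packets) if o]
    return [o for o in offers if o["server"] not in authorized]

def make_offer(server, offered, router):
    """Build a constructed DHCPOFFER for the demo (not captured traffic)."""
    a = socket.inet_aton
    header = struct.pack("!BBBBIHH4s4s4s4s16s64s128s", 2, 1, 6, 0, 0x1234, 0, 0,
                         a("0.0.0.0"), a(offered), a(server), a("0.0.0.0"),
                         b"\xaa" * 6, b"", b"")
    options = (bytes([53, 1, OFFER]) + bytes([54, 4]) + a(server) +
               bytes([3, 4]) + a(router) + bytes([6, 4]) + a(router) + b"\xff")
    return header + MAGIC_COOKIE + options

# Constructed sample: the authorized server plus a router left on default settings
SAMPLE = [make_offer("10.0.0.5", "10.0.0.50", "10.0.0.1"),
          make_offer("192.168.1.1", "192.168.1.100", "192.168.1.1")]

if __name__ == "__main__":
    for rogue in find_rogues(SAMPLE, authorized={"10.0.0.5"}):
        print("Unauthorized DHCP offer:", rogue)
```

The gateway and DNS values in a flagged offer show what clients that accepted it were told to use, which helps when checking affected machines.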

Once the rogue DHCP server has been found, the real detective work begins: finding the device on the network.  I will cover how to track down IP addresses in the next post.

Jason Networking

The DLink DNS-323 = Storage Great-NAS!

March 6th, 2009
Click here to read more about the DNS-323

I have been through many NAS devices.  When my Linksys GigaDrive failed, I purchased the Linksys NSLU2.  When that finally bit the dust, I did some research and came up with the DLink DNS-323.  I liked what I saw, so I took the plunge and ordered it.  I have been using it for quite a while now and so far it is aces in my book.

Read more…

Jason Networking

Choose Zabbix for free, easy system monitoring

February 28th, 2009

Times are tough. Budgets are getting cut and everyone is being pushed to do more for less. As an I.T. Administrator, I needed a simple system to monitor my network and servers. When someone says the network is slow, I don’t have the luxury of spending half a day to troubleshoot it anymore.

Even if you do have all the resources in the world, a monitoring solution is really something you need to have on your network. Baselines and historical data are very hard to argue against when you are begging for money for network upgrades.

Read more…

Jason Networking