Rogue DHCP Server Detector

From Association for Computing Machinery

Current revision (23:44, 19 November 2010)

This program detects rogue DHCP servers. It monitors traffic on an Ethernet interface (configured in rogueDHCP.conf) and examines DHCP replies. If it notices a DHCP reply from an Ethernet address that is not in its known list of DHCP servers (also configured in rogueDHCP.conf), it informs the user of the situation by printing a message, along with some of the DHCP options in the DHCP reply, to standard output. The DHCP options that are printed if found in the DHCP reply are:

  • DHCP message type
  • Server identifier
  • Address lease time
  • Subnet mask
  • Broadcast address
  • Router
  • Domain name
  • Domain name servers

The code is written in C/C++ and aims to be compact, requiring libpcap as its only third-party library. It has been tested with GCC 4.2 and 4.3, on FreeBSD and GNU/Linux, and on 32- and 64-bit, little- and big-endian processors.
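The check described above can be sketched in plain C without libpcap, working on a raw Ethernet frame such as a capture would deliver. This is an added example, not code from the Rogue DHCP Server Detector itself: the names `check_dhcp_reply`, `build_sample` and `dhcp_info` are hypothetical, the MAC and IP addresses are constructed, and it extracts only three of the listed options. It assumes untagged Ethernet and unfragmented IPv4.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

struct dhcp_info { uint8_t msg_type; uint32_t server_id, lease_secs; }; /* 0 = option absent */

static uint32_t be32(const uint8_t *p) {
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) | ((uint32_t)p[2] << 8) | p[3];
}

/* f: Ethernet frame; known: nknown allowed server MACs, 6 bytes each.
 * Returns 1 = DHCP reply from an unlisted MAC, 0 = from a listed MAC,
 * -1 = not a well-formed IPv4/UDP DHCP reply. */
int check_dhcp_reply(const uint8_t *f, size_t len, const uint8_t *known,
                     size_t nknown, struct dhcp_info *out) {
    memset(out, 0, sizeof *out);
    if (len < 34 || f[12] != 0x08 || f[13] != 0x00 || (f[14] >> 4) != 4) return -1;
    size_t ihl = (size_t)(f[14] & 0x0f) * 4;
    size_t udp = 14 + ihl, bootp = udp + 8, opt = bootp + 240;
    if (ihl < 20 || f[23] != 17 || len < opt) return -1;        /* UDP, full BOOTP header */
    if (f[udp] != 0 || f[udp + 1] != 67) return -1;             /* UDP source port 67 */
    if (f[bootp] != 2 || be32(f + bootp + 236) != 0x63825363u) return -1; /* reply + cookie */
    while (opt < len && f[opt] != 255) {                        /* 255 = end option */
        if (f[opt] == 0) { opt++; continue; }                   /* 0 = pad, no length byte */
        if (opt + 2 > len || opt + 2 + f[opt + 1] > len) return -1; /* truncated option */
        const uint8_t *v = f + opt + 2;
        uint8_t code = f[opt], n = f[opt + 1];
        if (code == 53 && n == 1) out->msg_type = v[0];         /* DHCP message type */
        if (code == 54 && n == 4) out->server_id = be32(v);     /* server identifier */
        if (code == 51 && n == 4) out->lease_secs = be32(v);    /* address lease time */
        opt += 2 + (size_t)n;
    }
    for (size_t i = 0; i < nknown; i++)
        if (memcmp(f + 6, known + 6 * i, 6) == 0) return 0;     /* source MAC is listed */
    return 1;
}

/* Constructed sample: DHCPOFFER from 02:00:00:00:00:99, server 192.0.2.1, lease 3600 s. */
size_t build_sample(uint8_t *f, size_t cap) {
    static const uint8_t opts[] = {53,1,2, 54,4,192,0,2,1, 51,4,0,0,0x0e,0x10, 255};
    size_t total = 282 + sizeof opts;          /* 14 Ethernet + 20 IP + 8 UDP + 240 BOOTP */
    if (cap < total) return 0;
    memset(f, 0, total);
    memset(f, 0xff, 6); f[6] = 0x02; f[11] = 0x99;              /* broadcast dst, source MAC */
    f[12] = 0x08; f[14] = 0x45; f[23] = 17; f[35] = 67; f[37] = 68;
    f[42] = 2; f[278] = 0x63; f[279] = 0x82; f[280] = 0x53; f[281] = 0x63;
    memcpy(f + 282, opts, sizeof opts);
    return total;
}
```

The option walk rejects any option whose length byte runs past the end of the frame, so a malformed reply yields -1 instead of an out-of-bounds read.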

Download: Rogue DHCP Server Detector 1.0.0 (http://acm.poly.edu/~spawk/rogueDHCP/rogueDHCP-1.0.0.tbz)

Upcoming Features

  • Aggressive mode (exhaustion of the address pools of rogue DHCP servers)
  • Notification of rogue DHCP servers by e-mail
  • Logging

Release History

  • 1.0.0 (May 5th, 2009)
    • Initial release