Rogue DHCP Server Detector

From Association for Computing Machinery

(Difference between revisions)
(New page: This program detects rogue DHCP servers. It monitors traffic on an Ethernet interface (configured in ''rogueDHCP.conf'') and examines DHCP replies. If it notices a DHCP reply from an Ether...)
Line 3: Line 3:
* DHCP message type
* DHCP message type
* Server identifier
* Server identifier
-
* Address least time
+
* Address lease time
* Subnet mask
* Subnet mask
* Broadcast address
* Broadcast address
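Review bot: the corrected list item "Address lease time" still differs from the name RFC 2132 gives DHCP option 51, "IP Address Lease Time". Using the RFC name here would let readers match the printed field to the specification.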

Revision as of 18:07, 29 June 2009

This program detects rogue DHCP servers. It monitors traffic on an Ethernet interface (configured in rogueDHCP.conf) and examines DHCP replies. If it notices a DHCP reply from an Ethernet address that is not in its known list of DHCP servers (also configured in rogueDHCP.conf), it informs the user of the situation by printing a message, along with some of the DHCP options in the DHCP reply, to standard output. The DHCP options that are printed if found in the DHCP reply are:

  • DHCP message type
  • Server identifier
  • Address lease time
  • Subnet mask
  • Broadcast address
  • Router
  • Domain name
  • Domain name servers

The code is C/C++ and aims to be compact, requiring libpcap as the only third-party library. It has been tested with GCC 4.2 and 4.3, on FreeBSD and GNU/Linux, and on 32- and 64-bit and little- and big-endian processors.
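The check described above, written in C as an added example (not the project's source): it takes one captured Ethernet frame, such as libpcap would deliver, compares the sender's Ethernet address with an allowlist, and pulls three of the listed options out of the reply. The allowlist entry, the function and struct names, and the sample frame are assumptions made for illustration.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
/* Assumed allowlist; the tool itself reads known servers from rogueDHCP.conf. */
static const uint8_t known_servers[][6] = { {0x00,0x11,0x22,0x33,0x44,0x55} };

struct dhcp_info { int msg_type; uint8_t server_id[4]; uint32_t lease_secs; };

/* Classify one untagged Ethernet frame: 1 = DHCP reply from an unknown MAC,
 * 0 = reply from a known server, -1 = not a DHCP server reply. */
int check_dhcp_reply(const uint8_t *f, size_t len, struct dhcp_info *out)
{
    memset(out, 0, sizeof *out);
    if (len < 14 + 20 || f[12] != 0x08 || f[13] != 0x00) return -1; /* IPv4 */
    const uint8_t *ip = f + 14;
    size_t ihl = (size_t)(ip[0] & 0x0f) * 4;
    if ((ip[0] >> 4) != 4 || ihl < 20 || ip[9] != 17) return -1;    /* UDP */
    if (len < 14 + ihl + 8 + 240) return -1;  /* UDP hdr + BOOTP + cookie */
    const uint8_t *udp = ip + ihl, *bootp = udp + 8;
    if (udp[0] != 0 || udp[1] != 67 || bootp[0] != 2) return -1; /* port 67, BOOTREPLY */
    if (memcmp(bootp + 236, "\x63\x82\x53\x63", 4) != 0) return -1; /* magic cookie */
    const uint8_t *p = bootp + 240, *end = f + len;
    while (p < end && *p != 255) {                    /* 255 = end option */
        if (*p == 0) { p++; continue; }               /* 0 = pad option */
        if (end - p < 2 || end - p - 2 < p[1]) break; /* truncated: stop parsing */
        const uint8_t *v = p + 2;
        if (p[0] == 53 && p[1] == 1) out->msg_type = v[0];
        else if (p[0] == 54 && p[1] == 4) memcpy(out->server_id, v, 4);
        else if (p[0] == 51 && p[1] == 4)
            out->lease_secs = (uint32_t)v[0] << 24 | (uint32_t)v[1] << 16 | (uint32_t)v[2] << 8 | v[3];
        p += 2 + p[1];
    }
    /* The verdict depends only on the sender's Ethernet address. */
    for (size_t i = 0; i < sizeof known_servers / sizeof known_servers[0]; i++)
        if (memcmp(f + 6, known_servers[i], 6) == 0) return 0;
    return 1;
}

/* Constructed sample frame: a minimal DHCPOFFER sent from src_mac. */
size_t build_sample_offer(uint8_t *buf, const uint8_t *src_mac)
{
    static const uint8_t opts[] = { 53,1,2, 54,4,192,168,1,1, 51,4,0,0,0x0e,0x10, 255 };
    size_t len = 14 + 20 + 8 + 240 + sizeof opts;
    memset(buf, 0, len); memset(buf, 0xff, 6);      /* broadcast destination */
    memcpy(buf + 6, src_mac, 6);
    buf[12] = 0x08; buf[14] = 0x45; buf[23] = 17;   /* IPv4, IHL 5, UDP */
    buf[35] = 67; buf[37] = 68; buf[42] = 2;        /* ports 67 -> 68, BOOTREPLY */
    memcpy(buf + 278, "\x63\x82\x53\x63", 4); memcpy(buf + 282, opts, sizeof opts);
    return len;
}
```

A reply whose options are cut short is still classified by its sender address, so a malformed offer from an unlisted server is reported rather than skipped.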

Download: Rogue DHCP Server Detector 1.0.0
