Rogue DHCP Server Detector

From Association for Computing Machinery

Revision as of 23:44, 19 November 2010 by Boris (Talk | contribs)
(diff) ←Older revision | Current revision (diff) | Newer revision→ (diff)
Jump to: navigation, search

This program detects rogue DHCP servers. It monitors traffic on an Ethernet interface (configured in rogueDHCP.conf) and examines DHCP replies. If it notices a DHCP reply from an Ethernet address that is not in its known list of DHCP servers (also configured in rogueDHCP.conf), it informs the user of the situation by printing a message, along with some of the DHCP options in the DHCP reply, to standard output. The DHCP options that are printed if found in the DHCP reply are:

  • DHCP message type
  • Server identifier
  • Address lease time
  • Subnet mask
  • Broadcast address
  • Router
  • Domain name
  • Domain name servers

The code is C/C++ and aims to be compact, requiring libpcap as the only third-party library. It has been tested with GCC and 4.2 and 4.3, on FreeBSD and GNU/Linux, and on 32- and 64-bit and little- and big-endian processors.

Download: Rogue DHCP Server Detector 1.0.0

Upcoming Features

  • Aggressive mode (exhaustion of the address pools of rogue DHCP servers)
  • Notification of rogue DHCP servers by e-mail
  • Logging

Release History

  • 1.0.0 (May 5th, 2009)
    • Initial release
Personal tools