Warning Signs of a Rogue DHCP Server

Written on Tuesday, March 4, 2008 5:32

Just because you are only supposed to have one DHCP server on your network doesn’t mean it really is the only one.

A common rule of thumb for any network using DHCP is to run only one DHCP server and, if you must run more than one, to make sure the IP ranges being handed out do not overlap. However, having only one legitimate DHCP server on the network doesn’t mean another one doesn’t exist. There are a couple of telltale signs you can look for when you suspect another DHCP server exists on your network.

Several of the computers on the network begin losing their IP addresses or picking up addresses that are not standard on your network.
Due to overlapping address ranges being handed out, several machines on your network report IP address conflicts.
You see an abnormally large amount of DHCP traffic (UDP ports 67 and 68) flowing through the network when doing a packet capture.
Because a rogue DHCP server is most likely there with malicious intent, the amount of virus traffic caught by your network’s virus monitoring system could increase dramatically. Along the same lines, you could also see an increase in bandwidth usage.

Any time you see any of these things happen, you should consider that there may be a DHCP server on your network without your knowledge.
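To turn the packet-capture sign into a concrete check, the following added example (not part of the original article) parses DHCP payloads taken from UDP port 67/68 traffic and flags server replies that come from a server outside an allowlist or that hand out an address outside the expected range. The allowlisted server 192.168.1.1, the subnet 192.168.1.0/24, and the sample payloads are assumptions constructed for illustration.

```python
import ipaddress

MAGIC = b"\x63\x82\x53\x63"   # DHCP magic cookie that follows the 236-byte BOOTP header
OFFER, ACK = 2, 5             # option 53 values that only a server sends

def parse_dhcp(payload):
    """Return (msg_type, server_id, yiaddr) from a DHCP UDP payload, or None."""
    if len(payload) < 240 or payload[236:240] != MAGIC:
        return None
    yiaddr = ipaddress.IPv4Address(payload[16:20])   # address offered to the client
    opts, i, found = payload[240:], 0, {}
    while i + 1 < len(opts) and opts[i] != 255:      # 255 = end of options
        if opts[i] == 0:                             # 0 = pad byte, has no length
            i += 1
            continue
        length = opts[i + 1]
        found[opts[i]] = opts[i + 2:i + 2 + length]
        i += 2 + length
    mtype, sid = found.get(53), found.get(54)        # message type, server identifier
    if not mtype:
        return None
    server = ipaddress.IPv4Address(sid) if sid and len(sid) == 4 else None
    return mtype[0], server, yiaddr

def find_rogues(payloads, allowed_servers, subnet):
    """List (server, offered_ip, reason) for server replies that look wrong."""
    net = ipaddress.ip_network(subnet)
    allowed = {ipaddress.IPv4Address(a) for a in allowed_servers}
    alerts = []
    for p in payloads:
        rec = parse_dhcp(p)
        if rec is None or rec[0] not in (OFFER, ACK):
            continue
        _, server, yiaddr = rec
        if server not in allowed:
            alerts.append((str(server), str(yiaddr), "unauthorized server"))
        elif yiaddr not in net:
            alerts.append((str(server), str(yiaddr), "address outside expected range"))
    return alerts

def build_reply(msg_type, server, yiaddr):   # constructed test data, not captured traffic
    hdr = bytes([2, 1, 6, 0]) + bytes(12) + ipaddress.IPv4Address(yiaddr).packed + bytes(216)
    opts = bytes([53, 1, msg_type, 54, 4]) + ipaddress.IPv4Address(server).packed + b"\xff"
    return hdr + MAGIC + opts

# Constructed samples; the allowlist and subnet used with them are assumptions.
SAMPLES = [build_reply(OFFER, "192.168.1.1", "192.168.1.50"),   # legitimate offer
           build_reply(OFFER, "192.168.1.77", "10.0.0.23"),     # unknown server
           build_reply(ACK, "192.168.1.1", "172.16.0.9"),       # right server, odd lease
           b"\x00" * 20]                                        # not DHCP, ignored
```

Calling `find_rogues(SAMPLES, ["192.168.1.1"], "192.168.1.0/24")` returns one alert for the unknown server and one for the lease outside the expected range.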

Article written by MyComputerAid.com


