Rogue DHCP / DNS server

bberry
Level 1

Has anyone ever faced the issue of a PC or laptop responding to DHCP requests faster than the network DHCP server as a rogue DHCP server? There apparently is no DHCP service running on this PC and we are currently looking to see if there is malware or something similar running on the PC. If the users look at the ipconfig, they may have a legitimate IP address and the DHCP server address looks correct but DNS is completely wrong. Release and renew will return the same IP address users originally received and seems to be a random thing. If we disconnect this PC from the network all further DHCP requests go back to normal.

Any way to protect the network from this type of traffic?

1 Reply

John Blakley
VIP Alumni

You can use dhcp snooping. Trust only the port that you have your official dhcp server on, and then all other ports are untrusted.

Here's a link:

http://www.cisco.com/en/US/docs/switches/lan/catalyst4500/12.1/13ew/configuration/guide/dhcp.html

HTH,

John

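A check for the symptom described in the question, where the lease and the DHCP server address look right but the DNS servers do not: it parses a DHCP reply and compares both the server identifier (option 54) and the DNS servers (option 6) against site policy. This is an added example, not part of the original thread; the expected addresses and the helpers `audit_reply` and `build_reply` are assumptions constructed for illustration.

```python
import ipaddress

MAGIC_COOKIE = b"\x63\x82\x53\x63"
# Assumed site policy: constructed addresses, not taken from the thread.
EXPECTED_SERVER = "10.0.0.5"
EXPECTED_DNS = {"10.0.0.10", "10.0.0.11"}

def parse_dhcp_options(payload: bytes) -> dict:
    """Return {option_code: raw_value} from a BOOTP/DHCP payload."""
    if len(payload) < 240 or payload[236:240] != MAGIC_COOKIE:
        raise ValueError("not a DHCP message")
    opts, i = {}, 240
    while i < len(payload) and payload[i] != 255:    # 255 = End
        if payload[i] == 0:                          # 0 = Pad, has no length byte
            i += 1
            continue
        if i + 1 >= len(payload):
            raise ValueError("truncated option")
        code, length = payload[i], payload[i + 1]
        value = payload[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError("truncated option")
        opts[code] = opts.get(code, b"") + value     # repeated options concatenate
        i += 2 + length
    return opts

def ipv4_list(raw: bytes) -> list:
    """Decode a run of packed IPv4 addresses, ignoring a trailing partial one."""
    return [str(ipaddress.IPv4Address(raw[i:i + 4])) for i in range(0, len(raw) - 3, 4)]

def audit_reply(payload: bytes) -> list:
    """Return policy violations found in a DHCPOFFER (2) or DHCPACK (5)."""
    opts = parse_dhcp_options(payload)
    if payload[0] != 2 or opts.get(53) not in (b"\x02", b"\x05"):
        return []                                    # not a server reply we audit
    findings = []
    server = ipv4_list(opts.get(54, b""))            # option 54: server identifier
    if server != [EXPECTED_SERVER]:
        findings.append(f"unexpected server identifier: {server}")
    rogue_dns = [d for d in ipv4_list(opts.get(6, b"")) if d not in EXPECTED_DNS]
    if rogue_dns:                                    # option 6: DNS servers
        findings.append("unexpected DNS server(s): " + ", ".join(rogue_dns))
    return findings

def build_reply(server: str, dns: list, msg_type: int = 5) -> bytes:
    """Constructed sample: minimal BOOTREPLY carrying options 53, 54 and 6."""
    addrs = b"".join(ipaddress.IPv4Address(a).packed for a in [server] + dns)
    opts = bytes([53, 1, msg_type, 54, 4]) + addrs[:4] + bytes([6, len(addrs) - 4]) + addrs[4:]
    return bytes([2, 1, 6, 0]) + bytes(232) + MAGIC_COOKIE + opts + b"\xff"
```

`audit_reply` takes the UDP payload of a reply captured on the client port; it only surfaces a bad lease, while DHCP snooping on the switch is what blocks the reply.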