Hari Sekhon wrote:
Eli Stair wrote:
Use CPAN's Net::DHCP::Packet to quickly create a DHCPDISCOVER packet, and
IO::Socket::INET to read raw incoming data to port 68, count the number of
DHCPOFFERs you get.  Set your script output to proper OK/WARN/CRIT state
and the number/names of "rogue" servers in the text.

Just a suggestion. 

/eli


On 7/28/06 9:40 AM, "Hari Sekhon" <[EMAIL PROTECTED]> wrote:

  
I was wondering what the best way of detecting a rogue dhcp server on
the network is.


I ask because some idiot at work installed vmware with its dhcp server
which stuffed the company laptops which rely on dhcp since they got sent
to the wrong subnet.

Nagios actually drew my attention to this when troubleshooting because
it said 2 DHCP offers received.

I'm thinking about writing a shell wrapper to parse the output from the
check_dhcp plug-in and raise a warning status if it returns more than 1
dhcp offer.

Any other ideas?


Hari


_______________________________________________
Nagios-users mailing list
Nagios-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/nagios-users
::: Please include Nagios version, plugin version (-v) and OS when reporting
any issue. 
::: Messages without supporting info will risk being sent to /dev/null

    


  
Or even easier than that perl, I could use a bash wrapper to check_dhcp and check the output from that and raise the warning code if more than 1 offer was received. It seems quicker and easier, which is probably what I will do, thinking about it....

-h



Does anybody have any other ideas regarding checking for rogue DHCP servers on a network? Really there should be an option to this plugin to check if there are more than N offers received, and also there should be an option to make sure that the offer is received from the correct server, to ensure it hasn't been usurped by another dhcp server. There is already an option to check the address is in the right range, which I guess amounts to a similar thing. If this option can be present then the option to make sure that the address was supplied by the correct server/servers isn't too far a stretch.....


Hari
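
The check discussed in this thread (count the DHCPOFFERs, then confirm each one comes from an expected server), as an added example that is not code from the thread or from check_dhcp. It covers only the analysis of reply bytes already read from port 68; the function names, the allowlist, the state chosen for zero offers and the constructed sample addresses are assumptions.

```python
import socket
import struct

MAGIC = b"\x63\x82\x53\x63"        # DHCP magic cookie (RFC 2131)
OK, WARNING, CRITICAL = 0, 1, 2    # Nagios plugin exit codes

def offer_server(pkt, xid):
    """Return the server identifier (option 54) if pkt is a DHCPOFFER for xid."""
    if len(pkt) < 240 or pkt[0] != 2 or pkt[4:8] != xid or pkt[236:240] != MAGIC:
        return None                # not a BOOTREPLY answering our DISCOVER
    opts, i = {}, 240
    while i + 1 < len(pkt) and pkt[i] != 255:   # 255 = end option
        if pkt[i] == 0:                         # 0 = pad, has no length byte
            i += 1
            continue
        opts[pkt[i]] = pkt[i + 2:i + 2 + pkt[i + 1]]
        i += 2 + pkt[i + 1]
    if opts.get(53) != b"\x02":                 # option 53 value 2 = DHCPOFFER
        return None
    sid = opts.get(54, b"")
    return socket.inet_ntoa(sid) if len(sid) == 4 else "unknown"

def classify(packets, xid, allowed):
    """Map the set of offering servers to a Nagios (state, text) pair."""
    servers = {s for s in (offer_server(p, xid) for p in packets) if s}
    rogue = sorted(servers - set(allowed))
    if rogue:
        return CRITICAL, "CRITICAL: rogue DHCP server(s): " + ", ".join(rogue)
    if not servers:                # state for "no offers" is a choice made here
        return WARNING, "WARNING: no DHCPOFFER received"
    return OK, "OK: %d server(s) offered, all allowed" % len(servers)

def make_offer(xid, server_ip, yiaddr):
    """Build a constructed DHCPOFFER for the demo (not captured traffic)."""
    hdr = struct.pack("!4B4sHH4s4s4s4s16s64s128s", 2, 1, 6, 0, xid, 0, 0,
                      bytes(4), socket.inet_aton(yiaddr), bytes(4), bytes(4),
                      bytes(16), bytes(64), bytes(128))
    return hdr + MAGIC + b"\x35\x01\x02\x36\x04" + socket.inet_aton(server_ip) + b"\xff"

def demo():
    xid = b"\x12\x34\x56\x78"      # constructed transaction id
    offers = [make_offer(xid, "192.0.2.1", "192.0.2.50"),      # expected server
              make_offer(xid, "192.0.2.99", "198.51.100.20")]  # unexpected one
    return classify(offers, xid, {"192.0.2.1"})

if __name__ == "__main__":
    state, text = demo()
    print(text)
    raise SystemExit(state)
```

Keying on the server identifier rather than the raw packet count means a retransmitted offer from the legitimate server does not raise an alert, while a single offer from an unlisted server does.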
