I found the rogue DHCP server. I had a report this morning as soon as I got in from a user who couldn't connect to anything, and found that he had an address in the 192.168.1.0/24 subnet, on a VLAN that should be in the 192.168.13.0/24 subnet.
Brought in a laptop, changed its IP address to match the range of the rogue unit and connected it to a port on a switch in the same VLAN, and pinged the IP address of the rogue server, then harvested the MAC address from 'arp -a' Then did a 'sho mac' on the switches that carried the VLAN, and nailed it down to the port on the switch. I disabled the port, and let the user come to me, asking why he couldn't get anywhere. The rest is politics... Kurt On Tue, Oct 8, 2013 at 8:26 PM, Jon Harris <[email protected]> wrote: > If you find them just kill their ports and say their rogue equipment caused > a hardware failure and you need to replace all the hardware in or near their > device. Pass it onto their managers with a bill for the equipment. Pretty > sure they will get the blood drained and your hands will be semi-clean. > > Jon > >> Date: Tue, 8 Oct 2013 11:16:42 -0700 > >> Subject: Re: [NTSysADM] Semi-OT: AU bandwidth >> From: [email protected] >> To: [email protected] > >> >> That's a good list to start. Much appreciated. >> >> If I follow up, it'll be in a few days - among other things, I have to >> track down the miscreants (again!) who are putting up rogue network >> equipment on the production network that is issuing DHCP responses, >> and that thinks it's root bridge. >> >> I'm out for blood this time. >> >> Kurt >> >> On Mon, Oct 7, 2013 at 10:37 PM, James Hill <[email protected]> >> wrote: >> > You can get unmetered here but it is more expensive. It depends on where >> > exactly. Brisbane city for example would be no problem to provide the speed >> > and symmetrical link you want. Out in the suburbs may be more challenging >> > though. >> > >> > Telstra is the biggest (and usually most expensive provider) ISP here >> > followed by Optus. >> > >> > There are plenty of others that resell the above two networks and also >> > in some cases have a fair amount of their own equipment. Any of the >> > following will be able to provide what you are after:- >> > >> > http://www.telstra.com.au/business-enterprise/ >> > http://www.optus.com.au/business >> > http://www.brennanit.com.au/ >> > http://www.overthewire.com.au/ >> > >> > Contact me off list if you need anything more specific. >> > >> > James. >> > >> > -----Original Message----- >> > From: [email protected] >> > [mailto:[email protected]] On Behalf Of Kurt Buff >> > Sent: Tuesday, 8 October 2013 9:22 AM >> > To: [email protected]; [email protected] >> > Subject: [NTSysADM] Semi-OT: AU bandwidth >> > >> > Specifically, Brisbane, if any of you have experience there, I'd be >> > happy to hear about it. >> > >> > We've got an office there, and I've been trying to get decent bandwidth >> > there for ages. >> > >> > I'm looking for a plan with greater than 4mbit (preferably 10mbit), and >> > no metering. No SDSL, either. >> > >> > EFM, fiber, something that will get me a /29 and reliable connectivity >> > that we can pound on for the site-to-site VPN back to the US office at a >> > reasonable price. >> > >> > I did another search today, and *everyone* wants to see you metered >> > bandwitdh, and AFAIAC, the only metering should be the actual speed of the >> > link - I pay for it, I get it, all the way, 24x7. >> > >> > >> > Anyone on this list know of a good provider there? >> > >> > Kurt >> > >> > >> >>
