Rogue DHCP Server detection 1.0

Published by

Checks if there are any rogue DHCP servers in the local subnet.
Rogue DHCP servers are those DHCP servers that are misconfigured or unauthorized unknowingly or those that are configured with a malicious intent for network attacks.

Either be the case the impact on clients that are serviced by the rogue DHCP servers are critical. That is the clients would experience network access problems due to rogue DHCP server leasing incorrect IP addresses & incorrect options to the client. Security threats are caused when malicious user with rogue DHCP server can spread bad network parameters and thereby sniff the traffic sent by the clients.

There are also certain Trojans like DNS-changing that uses a compromised machine in the network to pollute the network by installing rogue DHCP servers on the machine.

Rogue detection tool is a GUI tool that checks if there are any rogue DHCP servers in the local subnet.

Features:

The tool can be run one time or can be scheduled to run at specified interval.
Can be run on a specified interface by selecting one of the discovered interfaces.
Retrieves all the authorized DHCP servers in the forest and displays them.
Ability to validate (not Authorize in AD) a DHCP server which is not rogue and persist this information
Minimize the tool, which makes it invisible. A tray icon will be present which would display the status.

Usage:
Double click on the tool or launch the excutable from the command prompt.

The tool on startup will query the AD and populates the authorized DHCP server.

  Download