How Somebody Helped Kill dhcpd on Our Network
Tim Peiffer
peiffer at umn.edu
Mon Jul 31 15:16:04 UTC 2006
Then the way to go is to run snoop, tcpdump, etc. on the VLAN that the
dhcpd is connected to, looking for responses from 68/udp, and run through
a decode mechanism such as dhcpdump. Then you will need to maintain a
list of who the legit dhcpd servers are and make decisions on whom/what
to kill. Things to consider are DHCP relay agents which communicate
from 68/udp to 68/udp, Novell servers, JumpStart, PXE boot, etc, for
validity.
tcpdump -s1500 -lenx -X src port 68 | dhcpdump
Tim Peiffer
Martin McCormick wrote:
> Tim Peiffer writes:
>
>> I apologize for the mis-config. Access_IN is our standard access list
>> naming and I called the filter No_DHCP_SERVER to be more descriptive..
>>
>
> Thanks for the good information. Cisco is where we are
> going but unfortunately we haven't replaced everything yet.
>
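
Added example, not part of the original post or of dhcpd/dhcpdump: a sketch of the decode-and-compare step the message describes, checking captured DHCP payloads against a list of legitimate servers. It identifies server traffic by the BOOTP op field and DHCP options 53/54; the function names, the 192.0.2.x addresses and the sample packets are constructed for illustration, and relay agents are assumed to be listed alongside the servers.

```python
import socket

MAGIC = b"\x63\x82\x53\x63"   # DHCP magic cookie after the 236-byte BOOTP header
SERVER_TYPES = {2: "OFFER", 5: "ACK", 6: "NAK"}   # option 53 values only servers send

def parse_reply(payload):
    """Return (type_name, server_id) for a server-originated DHCP message,
    or None for client traffic, truncated data and non-DHCP BOOTP."""
    if len(payload) < 240 or payload[0] != 2 or payload[236:240] != MAGIC:
        return None                      # op 2 = BOOTREPLY
    opts, i = {}, 240
    while i < len(payload) and payload[i] != 255:   # 255 = end option
        if payload[i] == 0:              # pad option has no length byte
            i += 1
            continue
        if i + 1 >= len(payload):
            break                        # truncated option header
        length = payload[i + 1]
        opts[payload[i]] = payload[i + 2:i + 2 + length]
        i += 2 + length
    mtype = opts.get(53)
    if not mtype or mtype[0] not in SERVER_TYPES:
        return None
    sid = opts.get(54)                   # option 54 = server identifier
    server_id = socket.inet_ntoa(sid) if sid and len(sid) == 4 else None
    return SERVER_TYPES[mtype[0]], server_id

def find_rogues(records, allowed):
    """records: (source_ip, udp_payload) pairs taken from a capture.
    Flag replies whose source or server identifier is not on the list."""
    hits = []
    for src, payload in records:
        reply = parse_reply(payload)
        if reply and (src not in allowed or reply[1] not in allowed):
            hits.append((src, reply[0], reply[1]))
    return hits

def _sample(op, mtype, server_id):
    """Constructed packet: minimal BOOTP header plus options 53 and 54."""
    hdr = bytes([op, 1, 6, 0]) + bytes(232)
    return hdr + MAGIC + bytes([53, 1, mtype, 54, 4]) + socket.inet_aton(server_id) + b"\xff"

ALLOWED = {"192.0.2.10"}                 # assumed list of legit servers/relays
SAMPLES = [                              # constructed capture records
    ("192.0.2.10", _sample(2, 2, "192.0.2.10")),   # OFFER from listed server
    ("192.0.2.77", _sample(2, 5, "192.0.2.77")),   # ACK from unlisted host
    ("192.0.2.50", _sample(1, 1, "0.0.0.0")),      # client DISCOVER, ignored
]

if __name__ == "__main__":
    for hit in find_rogues(SAMPLES, ALLOWED):
        print("unlisted DHCP server: src=%s type=%s server-id=%s" % hit)
```

PXE, JumpStart and Novell servers that answer on the segment would be flagged the same way until they are added to the list.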