Solved What will happens if 2nd DHCP server appears on network that already is served by DHCP from a router ?
-
Theoretically speaking big company, lots of floors, no good moderation.
And somebody wants to sabotage or harm the network or maybe learn about DHCP [Therotically speaking] and he can have access to the network using ethernet cable cause the whole building have accessible RJ45 wall plugs, and he made DHCP server using Windows Server ISO for example and, what will happen to the clients ...
Clients are Windows machines that get IPv4 + DNS automatically.
-
Depends - Generally nothing, but there could be a situation where the primary DHCP is offline, and the client gets a new IP from the rogue DHCP server. If the new DHCP is not configured properly for your network, then clients would lose access to network resources and possibly the internet. This all depends on the config of the rogue DHCP server.
Your TTL on DHCP leases can play a big role in how long this takes to detect. On the other hand, there is DHCP scanning utilities that can identify any DHCP servers on the network.
As a side note; If I caught an end-user doing something like this, they would be relegated to yellow pads and cheap pens.
-
If there are no protections against this, they will get randomly assigned DHCP addressed based on network race conditions. So likely you'll see something like half of the network get IP addresses from one DHCP server and half from another. It's hardly a useful attack as it is super easy to track down and while it causes disruption, it causes no damage. Not effective for the mischief maker as it doesn't net them anything and is so easy to catch.
-
The first thing that happens is the beatings.
-
You'd be able to fix things by simply blocking the offending port.
-
@msff-amman-Itofficer said in What will happens if 2nd DHCP server appears on network that already is served by DHCP from a router ?:
Theoretically speaking big company, lots of floors, no good moderation.
And somebody wants to sabotage or harm the network or maybe learn about DHCP [Therotically speaking] and he can have access to the network using ethernet cable cause the whole building have accessible RJ45 wall plugs, and he made DHCP server using Windows Server ISO for example and, what will happen to the clients ...
Clients are Windows machines that get IPv4 + DNS automatically.
All of these theoretical are oddly specific. :shifty-eyes:
-
@coliver if someone was to theoretically to plug in a second DHCP, what would theoretically happen and how likely would someone get caught? wink wink say no more.
-
Well its not easy, you have to go around all the building to check but I understand what you mean.
The reason for this is when I had the Cisco Wlan issue (different topic )I noticed some users had wrong IPs, also wrong subnet so I worried that somebody maybe did this.
-
Yup there is :
https://www.symantec.com/connect/downloads/detect-rogue-dhcp-servers-network
suprised to find this actually...
-
@msff-amman-Itofficer said in What will happens if 2nd DHCP server appears on network that already is served by DHCP from a router ?:
Yup there is :
https://www.symantec.com/connect/downloads/detect-rogue-dhcp-servers-network
suprised to find this actually...
It's pretty easy at the network level, just look for DHCP traffic from one that one source.
