detect 2 DHCP Servers on network?

Hari Sekhon hpsekhon at googlemail.com
Wed Aug 16 10:26:09 CEST 2006


Hari Sekhon wrote:
> Eli Stair wrote:
>> Use CPAN's Net::DHCP::Packet to quickly create a DHCPDISCOVER packet, and
>> IO::Socket::INET to read raw incoming data to port 68, count the number of
>> DHCPOFFERs you get.  Set your script output to proper OK/WARN/CRIT state
>> and the number/names of "rogue" servers in the text.
>>
>> Just a suggestion. 
>>
>> /eli
>>
>>
>> On 7/28/06 9:40 AM, "Hari Sekhon" <hpsekhon at gmail.com> wrote:
>>
>>   
>>> I was wondering what the best way of detecting a rogue dhcp server on
>>> the network is.
>>>
>>>
>>> I ask because some idiot at work installed vmware with its dhcp server
>>> which stuffed the company laptops which rely on dhcp since they got sent
>>> to the wrong subnet.
>>>
>>> Nagios actually drew my attention to this when troubleshooting because
>>> it said 2 DHCP offers received.
>>>
>>> I'm thinking about writing a shell wrapper to parse the output from the
>>> check_dhcp plug-in and raise a warning status if it returns more than 1
>>> dhcp offer.
>>>
>>> Any other ideas?
>>>
>>>
>>> Hari
>>>
>>   
> Or even easier than that Perl, I could use a bash wrapper to check_dhcp 
> and check the output from that and raise the warning code if more than 
> 1 offer was received, it seems quicker and easier which is probably 
> what I will do thinking about it....
>
> -h
>


Does anybody have any other ideas regarding checking for rogue DHCP 
servers on a network? Really there should be an option to this plugin to 
check if there are more than N offers received, and also there should be 
an option to make sure that the offer is received from the correct 
server to ensure it hasn't been usurped by another DHCP server. There is 
already an option to check the address is in the right range, which I 
guess amounts to a similar thing. If this option can be present then the 
option to make sure that the address was supplied by the correct 
server/servers isn't too far a stretch.....


Hari
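
The bash wrapper discussed in this thread, sketched as an added example (not code from the thread or from the Nagios plugins project): it reads check_dhcp output on stdin, warns when more than N offers arrive, and goes critical when an offer comes from a server outside an allowlist. The function name `eval_dhcp_offers`, the sample addresses, and the two output line formats it parses ("Received N DHCPOFFER(s)" and the verbose "DHCPOFFER from IP address ...") are assumptions; confirm them against the output of your plugin version.

```bash
#!/usr/bin/env bash
# Added example: evaluate check_dhcp output for rogue DHCP servers.
# Hypothetical usage: check_dhcp -v | eval_dhcp_offers 1 10.0.0.1
# Nagios exit codes: 0 OK, 1 WARNING, 2 CRITICAL, 3 UNKNOWN.

# Constructed sample of verbose plugin output (assumed format, invented IPs).
SAMPLE_OUTPUT='DHCPOFFER from IP address 10.0.0.1 via 10.0.0.1
DHCPOFFER from IP address 192.168.150.254 via 192.168.150.254
OK: Received 2 DHCPOFFER(s), max lease time = 86400 sec.'

eval_dhcp_offers() {
    local max_offers=$1; shift
    local allowed=" $* "      # space-padded list of authorised server IPs
    local output count servers rogue="" ip
    output=$(cat)

    # Summary line, assumed format: "... Received 2 DHCPOFFER(s) ..."
    count=$(printf '%s\n' "$output" |
        sed -n 's/.*Received \([0-9][0-9]*\) DHCPOFFER.*/\1/p' | head -n 1)
    if [ -z "$count" ]; then
        echo "DHCP UNKNOWN: could not parse check_dhcp output"; return 3
    fi

    # Verbose lines, assumed format: "DHCPOFFER from IP address 10.0.0.1 via ..."
    servers=$(printf '%s\n' "$output" |
        sed -n 's/.*DHCPOFFER from IP address \([0-9.]*\).*/\1/p' | sort -u)
    for ip in $servers; do
        case "$allowed" in
            *" $ip "*) ;;                 # offer from an authorised server
            *) rogue="$rogue $ip" ;;      # anything else is reported
        esac
    done

    if [ "$count" -eq 0 ]; then
        echo "DHCP CRITICAL: no DHCPOFFER received"; return 2
    elif [ $# -gt 0 ] && [ -n "$rogue" ]; then
        echo "DHCP CRITICAL: offer from unauthorised server(s):$rogue"; return 2
    elif [ "$count" -gt "$max_offers" ]; then
        echo "DHCP WARNING: $count offers received, expected at most $max_offers"
        return 1
    fi
    echo "DHCP OK: $count offer(s) received"; return 0
}
```

With no allowlist arguments the function falls back to the offer count alone. A check like this only sees DHCP servers that answer on the monitoring host's own broadcast domain or through a relay.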
