using Nagios to detect rogue DHCP servers?

Brian A. Seklecki lavalamp at spiritual-machines.org
Tue Jul 10 14:26:42 CEST 2007


Going out and DHCREQUEST'ing and validating may be intermittent in
accuracy; you'd be best off with a SPAN port, tcpdump watching all DHCP
Client and DHCP Server traffic.

DHC-Offers should match a source MAC address(es) you certify.
Otherwise, ask your switching fabric to shutdown the port matching the
CAM table entry with the rouge MAC address.

~BAS

On Tue, 2007-07-10 at 10:45 +0100, Hari Sekhon wrote:
> yes I've done this, by writing a bash script to wrap the check_dhcp 
> plugin and change the status code and output if more than the right 
> number of dhcp servers responded (also, you make sure the dhcp server 
> that responded is the right one using the check_dhcp plugin option.)
> 
> -h
> 
> Hari Sekhon
> 
> 
> 
> Rogelio Bastardo wrote:
> > Has anyone used Nagios to detect rogue DHCP severs?
> >
> > I've got a complicated campus environment where people do things such as 
> > plug in Linksys routers (the wrong way) and hand out DHCP addresses.
> >
> > -------------------------------------------------------------------------
> > This SF.net email is sponsored by DB2 Express
> > Download DB2 Express C - the FREE version of DB2 express and take
> > control of your XML. No limits. Just data. Click to get it now.
> > http://sourceforge.net/powerbar/db2/
> > _______________________________________________
> > Nagios-users mailing list
> > Nagios-users at lists.sourceforge.net
> > https://lists.sourceforge.net/lists/listinfo/nagios-users
> > ::: Please include Nagios version, plugin version (-v) and OS when reporting any issue. 
> > ::: Messages without supporting info will risk being sent to /dev/null
> >
> >   
> 
> -------------------------------------------------------------------------
> This SF.net email is sponsored by DB2 Express
> Download DB2 Express C - the FREE version of DB2 express and take
> control of your XML. No limits. Just data. Click to get it now.
> http://sourceforge.net/powerbar/db2/
> _______________________________________________
> Nagios-users mailing list
> Nagios-users at lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/nagios-users
> ::: Please include Nagios version, plugin version (-v) and OS when reporting any issue. 
> ::: Messages without supporting info will risk being sent to /dev/null
> 
> 
> 
> 
> 



-------------------------------------------------------------------------
This SF.net email is sponsored by DB2 Express
Download DB2 Express C - the FREE version of DB2 express and take
control of your XML. No limits. Just data. Click to get it now.
http://sourceforge.net/powerbar/db2/
_______________________________________________
Nagios-users mailing list
Nagios-users at lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/nagios-users
::: Please include Nagios version, plugin version (-v) and OS when reporting any issue. 
::: Messages without supporting info will risk being sent to /dev/null





More information about the Users mailing list