using Nagios to detect rogue DHCP servers?

Hari Sekhon hpsekhon at googlemail.com
Tue Jul 10 15:39:40 CEST 2007


>
> Going out and DHCREQUEST'ing and validating may be intermittent in
> accuracy; 
can you explain why this would be intermittent in accuracy?
If there is another dhcp server present on the subnet, you will get an 
offer from it as well, I have used this quite a lot and caught a 
colleague of mine who installed vmware.

> you'd be best off with a SPAN port, tcpdump watching all DHCP
> Client and DHCP Server traffic.
>   
requires a whole new plugin written from scratch, I haven't seen a 
tcpdump like plugin. Therefore much more difficult and more time 
required, as well as more computationally intensive to watch all traffic 
for another dhcpoffer, when actually you'll get the same result.

-h

-------------------------------------------------------------------------
This SF.net email is sponsored by DB2 Express
Download DB2 Express C - the FREE version of DB2 express and take
control of your XML. No limits. Just data. Click to get it now.
http://sourceforge.net/powerbar/db2/
_______________________________________________
Nagios-users mailing list
Nagios-users at lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/nagios-users
::: Please include Nagios version, plugin version (-v) and OS when reporting any issue. 
::: Messages without supporting info will risk being sent to /dev/null





More information about the Users mailing list