[Nagiosplug-devel] check_dhcp / rogue dhcp server detection

Matthew Wilson mwilson at uindy.edu
Fri May 12 12:02:35 CEST 2006


After thinking it through, I think a better implementation would be for a 
list of "authorized servers" (-a maybe) to be passed -- this could be used 
in addition to, or in conjunction with, the -s parameter...  Here's how I imagine it 
working with -s:

./check_dhcp -s 192.168.0.1 -s 192.168.0.2
Both servers MUST respond
Others MAY also respond

./check_dhcp -a 192.168.0.1 -a 192.168.0.2
Either or both MAY respond
Others MAY NOT respond

./check_dhcp -s 192.168.0.1 -s 192.168.0.2 -a 192.168.0.1 -a 192.168.0.2
Both servers MUST respond
Others MAY NOT respond

./check_dhcp -s 192.168.0.1 -a 192.168.0.1 -a 192.168.0.2
192.168.0.1 MUST respond
192.168.0.2 MAY respond
Others MAY NOT respond

./check_dhcp -s 192.168.0.1 -s 192.168.0.2 -a 192.168.0.1
Invalid use of -s and -a.  This would fail every time.  Perhaps this 
could produce an "Unknown" error.

At the University of Indianapolis, at least 4 times per year, we'll have 
a student plug in a Linksys router backwards and put an unauthorized 
DHCP server on our network.  This handy addition would minimize the 
effects...

Thanks!
Matthew


C. Bensend wrote:

>>>Has anyone given any thought to adding a flag to check_dhcp, so that
>>>when IPs are returned, the specified servers are the ONLY servers that
>>>can respond.  Currently, check_dhcp makes sure that each server in the
>>>list responds, but what if there's an additional dhcp server that
>>>responds?  This might be an effective way to actively monitor for rogue
>>>dhcp servers on your network.
>>that's a pretty cool idea.  i don't imagine it would be too hard to
>>implement.  if you threw together a rough proof of concept i'd be
>>happy to take a look if no one else gets to it first.
>>
>>i'll be in mexico at debconf next week, send me a ping after that
>>if no one else has picked this up.
>
>This is exactly the thing I proposed late last year, after a rogue
>DHCP server was accidentally started on our LAN.  I bantered back
>and forth with several members of the list (I remember Andreas
>for sure), but it was beyond my meager (nay, pathetic!) programming
>skills.
>
>Benny
>
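The -s / -a rules Matthew lays out above, written out as a decision function. This is an added example, not code from the thread or from the check_dhcp plugin; the `evaluate` function, the `State` enum and the sample addresses are assumptions, and the set of responders is constructed by the caller rather than gathered from real DHCPOFFER packets.

```python
from enum import IntEnum

class State(IntEnum):
    """Nagios plugin exit codes."""
    OK = 0
    WARNING = 1
    CRITICAL = 2
    UNKNOWN = 3

def evaluate(required, authorized, responders):
    """Apply the proposed -s / -a rules to one probe's results.

    required   -- addresses given with -s: each one MUST respond
    authorized -- addresses given with -a: if any are given, ONLY these MAY respond
    responders -- server addresses seen in the DHCPOFFER replies (constructed by
                  the caller here; no packets are sent by this function)
    Returns (State, summary line).
    """
    required, authorized, responders = set(required), set(authorized), set(responders)

    # A -s server missing from a non-empty -a list can never satisfy both rules,
    # so the configuration itself is contradictory: report UNKNOWN, not CRITICAL.
    if authorized and not required <= authorized:
        bad = ", ".join(sorted(required - authorized))
        return State.UNKNOWN, f"UNKNOWN - invalid use of -s and -a ({bad} required but not authorized)"

    missing = required - responders                            # MUST-respond servers that stayed silent
    rogue = responders - authorized if authorized else set()   # offers from outside the -a list

    problems = []
    if missing:
        problems.append("no offer from " + ", ".join(sorted(missing)))
    if rogue:
        problems.append("unauthorized (rogue?) offer from " + ", ".join(sorted(rogue)))
    if problems:
        return State.CRITICAL, "CRITICAL - " + "; ".join(problems)
    return State.OK, f"OK - {len(responders)} DHCP server(s) responded"

if __name__ == "__main__":
    # Constructed sample probe: both campus servers answer, plus one unexpected box.
    seen = ["192.168.0.1", "192.168.0.2", "10.0.0.99"]
    for args in ((["192.168.0.1", "192.168.0.2"], []),      # -s only: extra offer tolerated
                 ([], ["192.168.0.1", "192.168.0.2"])):     # -a only: extra offer is CRITICAL
        state, msg = evaluate(*args, seen)
        print(f"{state.name}: {msg}")
```

Under the MAY wording, an -a-only run with no offers at all comes back OK; whether silence should still alarm is the plugin's existing no-offer behaviour, which this function does not cover.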