[Nagiosplug-devel] check_dhcp / rogue dhcp server detection
Matthew Wilson
mwilson at uindy.edu
Fri May 12 12:02:35 CEST 2006
After thinking it through, I think a better implementation would be for a
list of "authorized servers" (-a maybe) to be passed -- this could be used
in addition to, or in conjunction with, the -s parameter... Here's how I
imagine it working with -s:
    ./check_dhcp -s 192.168.0.1 -s 192.168.0.2

        Both servers MUST respond
        Others MAY also respond

    ./check_dhcp -a 192.168.0.1 -a 192.168.0.2

        Either or both MAY respond
        Others MAY NOT respond

    ./check_dhcp -s 192.168.0.1 -s 192.168.0.2 -a 192.168.0.1 -a 192.168.0.2

        Both servers MUST respond
        Others MAY NOT respond

    ./check_dhcp -s 192.168.0.1 -a 192.168.0.1 -a 192.168.0.2

        192.168.0.1 MUST respond
        192.168.0.2 MAY respond
        Others MAY NOT respond

    ./check_dhcp -s 192.168.0.1 -s 192.168.0.2 -a 192.168.0.1

        Invalid use of -s and -a. This would fail every time. Perhaps this
        could produce an "Unknown" error.
At the University of Indianapolis, at least 4 times per year, we'll have
a student plug in a Linksys router backwards and put an unauthorized
DHCP server on our network. This handy addition would minimize the
effects...
Thanks!
Matthew
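To make the proposed -s / -a semantics concrete, here is an added worked example (not code from check_dhcp or the nagios-plugins project) that models the decision logic only: it parses a check_dhcp-style command line and evaluates it against a constructed list of servers that answered with a DHCPOFFER, returning the usual Nagios exit code. The function names (parse_args, evaluate, check) and the "no offer at all is CRITICAL" rule are assumptions for the illustration; the actual DHCPDISCOVER/DHCPOFFER exchange is out of scope and is stood in for by the constructed responder list.

```python
#!/usr/bin/env python3
"""Model of the proposed check_dhcp -s (must respond) / -a (may respond) rules.

Added illustration, not part of check_dhcp. The network exchange is replaced by a
constructed list of responding server addresses.
"""
import argparse

# Standard Nagios plugin exit codes
OK, WARNING, CRITICAL, UNKNOWN = 0, 1, 2, 3


def parse_args(argv):
    """Parse the proposed -s and -a options; both are repeatable (hypothetical helper)."""
    parser = argparse.ArgumentParser(prog="check_dhcp")
    parser.add_argument("-s", dest="required", action="append",
                        help="server that MUST respond (repeatable)")
    parser.add_argument("-a", dest="authorized", action="append",
                        help="server that MAY respond; once -a is used, all others MAY NOT")
    ns = parser.parse_args(argv)
    return ns.required or [], ns.authorized or []


def evaluate(required, authorized, responders):
    """Apply the proposed rules and return (exit_code, status_message)."""
    required, authorized, responders = set(required), set(authorized), set(responders)

    # A -s server that is not also in the -a list can never satisfy both rules,
    # so report UNKNOWN (bad arguments) instead of a check that fails every time.
    if authorized and not required <= authorized:
        bad = ", ".join(sorted(required - authorized))
        return UNKNOWN, f"UNKNOWN: invalid use of -s and -a ({bad} required but not authorized)"

    # -s: every listed server MUST respond.
    missing = required - responders
    if missing:
        return CRITICAL, f"CRITICAL: required DHCP server(s) did not respond: {', '.join(sorted(missing))}"

    # -a: rogue detection. With an authorized list, any other responder is unauthorized.
    rogue = responders - authorized if authorized else set()
    if rogue:
        return CRITICAL, f"CRITICAL: unauthorized DHCP server(s) responded: {', '.join(sorted(rogue))}"

    # Assumed here: if nothing answered at all, the check cannot be healthy.
    if not responders:
        return CRITICAL, "CRITICAL: no DHCPOFFER received"

    return OK, f"OK: {len(responders)} DHCP server(s) responded: {', '.join(sorted(responders))}"


def check(argv, responders):
    """Parse a command line and evaluate it against the observed responders."""
    required, authorized = parse_args(argv)
    return evaluate(required, authorized, responders)


if __name__ == "__main__":
    # Constructed observation: both campus servers answered, plus a rogue 192.168.0.50
    # (e.g. a consumer router plugged in backwards).
    seen = ["192.168.0.1", "192.168.0.2", "192.168.0.50"]
    for argv in (["-s", "192.168.0.1", "-s", "192.168.0.2"],
                 ["-a", "192.168.0.1", "-a", "192.168.0.2"],
                 ["-s", "192.168.0.1", "-s", "192.168.0.2", "-a", "192.168.0.1"]):
        code, msg = check(argv, seen)
        print(" ".join(argv), "->", msg, f"(exit {code})")
```

Running the block shows the difference the proposal makes: with only -s the rogue 192.168.0.50 goes unnoticed (OK), while the same responders under -a produce CRITICAL naming the unauthorized server, and the mismatched -s/-a combination produces UNKNOWN as suggested above.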
C. Bensend wrote:
>>>Has anyone given any thought to adding a flag to check_dhcp, so that
>>>when IPs are returned, the specified servers are the ONLY servers that
>>>can respond? Currently, check_dhcp makes sure that each server in the
>>>list responds, but what if there's an additional DHCP server that
>>>responds? This might be an effective way to actively monitor for rogue
>>>DHCP servers on your network.
>>>
>>>
>>That's a pretty cool idea. I don't imagine it would be too hard to
>>implement. If you threw together a rough proof of concept I'd be
>>happy to take a look if no one else gets to it first.
>>
>>I'll be in Mexico at DebConf next week; send me a ping after that
>>if no one else has picked this up.
>>
>>
>
>This is exactly the thing I proposed late last year, after a rogue
>DHCP server was accidentally started on our LAN. I bantered back
>and forth with several members of the list (I remember Andreas
>for sure), but it was beyond my meager (nay, pathetic!) programming
>skills.
>
>Benny
>
>
>
>