Rogue detection: DHCP Server
Rogue DHCP server detection is an important aspect of network security and management. In a typical network environment, DHCP (Dynamic Host Configuration Protocol) servers are used to automatically assign IP addresses and other network configuration details to client devices. However, the presence of an unauthorized or rogue DHCP server can disrupt network operations and pose significant security risks.
DDI identifies and promptly alerts about rogue servers that are assigning IP addresses to a subnet. This kind of attack involves a rogue DHCP server issuing lease requests to clients with invalid or inappropriate IP addresses and/or option parameters. Such "man in the middle" attacks might aim to improperly configure client devices by altering default gateway settings or DNS server addresses. Conducting regular IP address sweeps or discoveries is an effective way to detect rogue devices, including unauthorized DHCP servers.
The image shows that DDI has issued a red warning alert, indicating the detection of a rogue server at 1.1.1.6. This server has been actively listening and responding to address requests within the specified subnet.
New to ADSelfService Plus?
Related Articles
Configuring DHCP failover
Note: ManageEngine DDI does not offer DHCP failover for IPv6 address space. Failover is only available for IPv4 address space. To configure the DHCP failover configurations: Go to DHCP ->Config-> DHCP Failover Click on the Add DHCP Failover button on ...
Managing DHCP scopes
What is a DHCP Scope? A DHCP scope is a network topological element in DHCP defined as a pool of IP addresses that a DHCP server can dynamically assign to clients on a particular subnet. Each scope represents a range of IP addresses that are ...
Custom DHCP options
About Custom DHCP options Defining custom DHCP options enable network administrators to extend and tailor DHCP functionality beyond the standard configuration parameters. Custom DHCP options provide a way to convey specific information to DHCP ...
DHCP fingerprinting with Client Classes
Client Classes and Sub Classes Client classes and Sub Classes are powerful features used to group clients (DHCP clients) and apply specific DHCP options or behaviors to those groups. These classes and subclasses enable more granular control over how ...
DHCP scope audit logs
The DHCP scope audit logs page provides you an overview of the actions performed on each scope configured in your network. It help you to continuously evaluate the overall security posture of your scopes using security audit logs to track the who, ...