On 04/29/2010 08:54 AM, Andrew McNabb wrote: > It's not always that simple. I had one time where the rogue DHCP server > was giving out correct information for almost everything. The only > thing it was getting wrong was next-server, so certain machines weren't > PXE booting correctly. Sure, sometimes it's easy to track down a rogue > DHCP server, but at times the effects can be incredibly subtle.
In one case on my network, the lease times offered by the rogue DHCP server were sufficiently short that by the time I got to the office of the user affected, the bad lease had expired and a good lease from my server obtained. Took me a couple of hours to track down what was happening as blackouts rolled across my faculty offices in waves. Sniffing also wasn't so simple to begin with as my DHCP server was on a completely different subnet than the affected machines, so sniffing on the dhcp server's end didn't reveal anything, other than that my server would make an offer that was sometimes not acknowledged. Finally when I could catch a machine with an actual bad lease I was able to figure out what was going on, sniffed the bad dhcp mac address, and tracked it down to a port. Turned out someone had turned on internet connection sharing on their windows computer, but they had accidentally shared the wrong interface so instead of sharing their wired interface over an adhoc wireless connection, they were sharing their wireless over the ethernet. So until you've actually been a network admin on a large network, don't be so sure that things are always as easy as you think. -------------------- BYU Unix Users Group http://uug.byu.edu/ The opinions expressed in this message are the responsibility of their author. They are not endorsed by BYU, the BYU CS Department or BYU-UUG. ___________________________________________________________________ List Info (unsubscribe here): http://uug.byu.edu/mailman/listinfo/uug-list
