DHCP Sentry
DHCP Sentry detects and alerts network administrators to the presence of rogue or unauthorized DHCP servers on their networks.
DHCP Sentry was created out of a need to detect rogue DHCP servers on residential networks in universities. Typically, at a residential university, students are encouraged to share networking ports by purchasing hubs or switches. However, in many cases students purchases routers or wireless router devices instead. When these devices are incorrectly attached to the network, they can emit DHCP traffic and interfere with DHCP servers set up by the university. This has the unfortunate effect of disconnecting many legitimate users from the networking services and causing headaches for network administrators. Microsoft has a tool called DHCPLOC which was supposed to help us with this issue but it suffers from horrible usability, no alert but an audible "beep", and a timestamp that only shows you the time of day.
DHCP Sentry helps administrators detect and resolve rogue DHCP issues by:
- Detecting rogue DHCP Servers
- Determining the MAC address of rogue servers for easier switch and port resolution
- Sending SMTP email or Instant Messaging alerts to administrators
- Throttling alerts as to not "spam" administrators
- Allowing admins to launch external programs to further act on alerts
- Allow admins to specify "authorized" DHCP servers as to avoid false positives
- Emits an audible "beep" during detection to alert anyone in the vicinity
Requirements:
- Microsoft Windows 2000/XP/2003/Vista/7
- .NET Framework 2.0 and later
- Local Administrator privileges required to access network stack
Cost:
- $30 USD
NOTE: If you pay online and are not redirected to the download page just email me at chip@sqlsecurity.com and I will email you the program directly.
Troubleshooting Q&A
Q1. Unhandled Exception: System.Net.Sockets.SocketException: Only one usage of each
socket address (protocol/network address/port) is normally permitted
Answer: This error is generally caused by:
*Trying to run a second copy of dhcp_sentry while one is running
or
*Trying to run dhcp_sentry while the local machine is has another
application listening on UDP 68
Run "netstat -aon" and see
if you find a line like:
UDP 0.0.0.0:68 *:*
This would cause your problem since two applications are attempting to
listen on the same socket/port. The PID column should show you the
application opening the port which you can look up in Task Manager.
Q2. Security Exception when running dhcp_sentry.exe
Answer: This is generally caused by one of two issues:
1. You are not running as a local administrator - Since DHCP Sentry performs direct socket activities - elevated privileges may be required on your platform.
2. You are running dhcp_sentry from a mapped drive - When running applications from a mapped drive, .NET runs your application with a much more restricted set of privileges. Run the application from a local drive and the issue should be resolved.