using Nagios to detect rogue DHCP servers?

Brian A. Seklecki lavalamp at spiritual-machines.org
Tue Jul 10 21:58:43 CEST 2007


> What about writing a custom plugin that uses this GPL prog to return the
> warning/critical/ok/pending values?

That sounds very reasonable; there's always the possibility that you won't 
see, within your run time threshold, offers from a rogue server due to 
race conditions or other crud (slow networks, etc.).

Of course, then you have a lot of proactive bogus DHCP Client activity 
coming from your Nagios system.

The best solution of course, but not always the most feasible, is a SPAN 
port in your core:

Simply:

$ sudo tcpdump -n -e -vvv 'src port bootps && !ether src 0:50:da:28:37:62'

Replace the MAC with your known DHCP server.  Matches are rogue.  If you 
see them, get out the jumper cables.

~BAS
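
Added example, not part of the original post: a passive Nagios-style check that reads the output of the tcpdump capture above (run with -n -e) and goes CRITICAL when a DHCP reply comes from a source MAC that is not on the allow-list. The function names, the sample capture lines, the interface name and the use of coreutils `timeout` are assumptions made for this sketch.

```shell
#!/bin/sh
# Added example (not from the original post): passive rogue-DHCP check for Nagios.
# Reads `tcpdump -n -e 'src port bootps'` lines on stdin; args are the known server MACs.

# Constructed sample capture: one reply from the known server, one from an unknown MAC.
SAMPLE_LINES='21:58:43.000001 00:50:da:28:37:62 > ff:ff:ff:ff:ff:ff, ethertype IPv4 (0x0800), length 342: 192.0.2.1.67 > 255.255.255.255.68: BOOTP/DHCP, Reply, length 300
21:58:44.000002 00:11:22:33:44:55 > ff:ff:ff:ff:ff:ff, ethertype IPv4 (0x0800), length 342: 192.0.2.99.67 > 255.255.255.255.68: BOOTP/DHCP, Reply, length 300'

# tcpdump prints zero-padded lowercase octets, but its filter also accepts
# 0:50:da:..., so normalize the allow-list before comparing.
norm_mac() {
    printf '%s\n' "$1" | awk -F: '{
        out = ""
        for (i = 1; i <= NF; i++) {
            o = tolower($i)
            if (length(o) == 1) o = "0" o
            sep = (i > 1) ? ":" : ""
            out = out sep o
        }
        print out
    }'
}

# Prints a Nagios status line; returns 0 (OK) or 2 (CRITICAL).
check_rogue_dhcp() {
    allowed=""
    for m in "$@"; do allowed="$allowed $(norm_mac "$m")"; done
    # On a `tcpdump -e` packet line, field 2 is the source MAC and field 3 is ">".
    rogues=$(awk -v allowed="$allowed" '
        BEGIN { n = split(allowed, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        $3 == ">" && $2 ~ /^[0-9a-f:]+$/ && !($2 in ok) && !seen[$2]++ { printf "%s ", $2 }
    ')
    if [ -n "$rogues" ]; then
        echo "DHCP CRITICAL - replies from unknown server(s): ${rogues% }"
        return 2
    fi
    echo "DHCP OK - no replies from unknown servers"
    return 0
}

# Live use on the SPAN port (assumes coreutils `timeout`; interface name is yours):
#   ./check_rogue_dhcp.sh eth1 0:50:da:28:37:62
if [ "$#" -ge 2 ]; then
    iface=$1; shift
    timeout 60 tcpdump -l -n -e -i "$iface" 'src port bootps' 2>/dev/null |
        check_rogue_dhcp "$@"
    exit $?
fi
```

Because the check only listens, it generates none of the bogus DHCP client traffic that an active probe from the Nagios host would.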

