Topic: Rogue DHCP servers  (Read 2105 times)
« on: October 24, 2007, 01:21:37 »
blak111 *
Posts: 3

Is there any way that a rogue DHCP server MAC address detector could be included? We are running m0n0walls in remote locations with a couple hundred clients behind each one. When someone installs a little home router and plugs it in without configuring it, it ends up handing out addresses to others on the network, which messes up their internet. We have remote management of the switch, so if there is a way to determine what MAC address the DHCP server has, we could determine what switchport they are on and disable it.
Is there a possible tool to be added that would just send out a DHCP discover packet and return the source MAC address if there are any responses?

Thanks,
Kevin
« Reply #1 on: November 04, 2007, 03:21:33 »
bbegin *
Posts: 1

If you have a Cisco switch (Catalyst), you can configure a feature called "DHCP Snooping" that addresses exactly what you described.

This is the Cisco how-to (same commands on all Catalyst switches that support the feature):  http://cio.cisco.com/univercd/cc/td/doc/product//lan/cat2950/12120ea2/2950scg/swdhcp82.pdf

For a detailed description of DHCP Snooping:  http://en.wikipedia.org/wiki/DHCP_Snooping

Benoit
« Reply #2 on: November 10, 2007, 07:39:35 »
blak111 *
Posts: 3

Unfortunately, we do not have a Cisco switch. The switches we have are HPs and do not support a DHCP snooping function.
« Reply #3 on: November 30, 2007, 20:56:42 »
blak111 *
Posts: 3

Is there a way to install ARPing on m0n0wall to at least send a request to the rogue DHCP server for its MAC address? It's pretty easy to tell which subnet the DHCP server is on based on the DHCPNAKs that the m0n0wall sends out. If we could send an ARP request, that would also resolve the issue.
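
The check asked about in the first post, as an added example that is not part of the original thread or of m0n0wall: it parses captured Ethernet frames, picks out DHCP OFFER/ACK replies, and reports the source MAC of any responder not on an allow-list. The frames, MAC addresses and function names are constructed for illustration; untagged Ethernet/IPv4 and a server on the same layer-2 segment (no relay in between) are assumed.

```python
import struct

DHCP_MAGIC = b"\x63\x82\x53\x63"
OFFER, ACK, NAK = 2, 5, 6  # values of DHCP option 53 (message type)

def parse_dhcp_reply(frame):
    """Return (src MAC, server id, msg type) for a DHCP server reply, else None."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00" or frame[23] != 17:
        return None  # too short, not IPv4, or not UDP
    bootp = 14 + (frame[14] & 0x0F) * 4 + 8  # skip Ethernet, IP and UDP headers
    if len(frame) < bootp + 240 or frame[bootp - 8:bootp - 6] != b"\x00\x43":
        return None  # truncated, or UDP source port is not 67
    if frame[bootp] != 2 or frame[bootp + 236:bootp + 240] != DHCP_MAGIC:
        return None  # not a BOOTREPLY carrying DHCP options
    opts, i = {}, bootp + 240
    while i + 1 < len(frame) and frame[i] != 255:  # 255 = end option
        step = 1 if frame[i] == 0 else 2 + frame[i + 1]  # pad (0) has no length
        if frame[i]:
            opts[frame[i]] = frame[i + 2:i + step]
        i += step
    if len(opts.get(53, b"")) != 1:
        return None
    sid = opts.get(54, b"")  # option 54 = server identifier
    server_id = ".".join(map(str, sid)) if len(sid) == 4 else None
    src_mac = ":".join(f"{b:02x}" for b in frame[6:12])
    return src_mac, server_id, opts[53][0]

def find_rogue_servers(frames, authorized_macs):
    """Map MAC -> server identifier for OFFER/ACK senders not on the allow-list."""
    rogues = {}
    for frame in frames:
        reply = parse_dhcp_reply(frame)
        if reply and reply[2] in (OFFER, ACK) and reply[0] not in authorized_macs:
            rogues[reply[0]] = reply[1]
    return rogues

def build_reply(src_mac, server_ip, msg_type):
    """Constructed sample data: a minimal broadcast DHCP reply, checksums zeroed."""
    sid = bytes(map(int, server_ip.split(".")))
    bootp = bytes([2, 1, 6, 0]) + bytes(232) + DHCP_MAGIC
    bootp += bytes([53, 1, msg_type, 54, 4]) + sid + b"\xff"
    udp = struct.pack("!HHHH", 67, 68, 8 + len(bootp), 0) + bootp
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 0, 0, 64, 17, 0,
                     sid, b"\xff" * 4)
    eth = b"\xff" * 6 + bytes.fromhex(src_mac.replace(":", "")) + b"\x08\x00"
    return eth + ip + udp

# Constructed capture: the known server plus one unexpected responder.
SAMPLE = [build_reply("02:00:00:00:00:01", "10.0.0.1", OFFER),
          build_reply("02:00:00:00:00:99", "192.168.1.1", OFFER)]
```

`find_rogue_servers(SAMPLE, {"02:00:00:00:00:01"})` returns the unexpected responder's MAC, which can then be looked up in the switch's MAC address table to find the port. Allow-list entries must be lowercase, colon-separated.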
 