A rogue DHCP server on a network is one that is not under the administrative control of the network staff. It can be a network device such as a modem or a router connected to the network by a user who is either unaware of the consequences of their actions or knowingly using it for attacks on the network.
As clients connect to the network, both the rogue and the legitimate DHCP server will offer them IP addresses as well as the addresses of the default gateway and DNS servers. If the information provided by the rogue DHCP server differs from that of the real one, clients accepting IP addresses from it may experience network access problems, including speed issues and an inability to reach other hosts because of an incorrect IP network or gateway. In addition, if a rogue DHCP server is set to provide, as the default gateway, the IP address of a machine controlled by a misbehaving user, that user can sniff all the traffic sent by the clients to other networks, violating network security policies as well as user privacy.
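
The comparison between rogue and legitimate replies can be checked on captured traffic. The following is an added example, not code from the original article: it parses the UDP payload of DHCP OFFER/ACK messages and flags replies whose server identifier, gateway or DNS servers differ from site policy. The allowlisted addresses and the `build_reply` helper are constructed for illustration.

```python
import ipaddress

MAGIC_COOKIE = b"\x63\x82\x53\x63"
# Assumed site policy (constructed values, not from the original page).
AUTHORIZED_SERVERS = {"10.0.0.2"}
EXPECTED_ROUTERS = {"10.0.0.1"}
EXPECTED_DNS = {"10.0.0.2", "10.0.0.3"}

def parse_options(payload):
    """Return {option_code: bytes} for a DHCP UDP payload, or None if malformed."""
    if len(payload) < 240 or payload[236:240] != MAGIC_COOKIE:
        return None
    opts, i = {}, 240
    while i < len(payload) and payload[i] != 255:    # 255 = end option
        if payload[i] == 0:                          # 0 = pad, has no length byte
            i += 1
            continue
        if i + 1 >= len(payload):
            return None
        length = payload[i + 1]
        data = payload[i + 2:i + 2 + length]
        if len(data) != length:
            return None                              # truncated option
        opts[payload[i]] = data
        i += 2 + length
    return opts

def addrs(data):
    """Decode a run of 4-byte IPv4 addresses into a set of dotted strings."""
    return {str(ipaddress.IPv4Address(data[j:j + 4])) for j in range(0, len(data) - 3, 4)}

def check_reply(payload):
    """Return findings for a DHCPOFFER/DHCPACK; an empty list means nothing to flag."""
    opts = parse_options(payload)
    if opts is None or payload[0] != 2 or opts.get(53) not in (b"\x02", b"\x05"):
        return []                                    # not a server OFFER (2) or ACK (5)
    findings = []
    server = addrs(opts.get(54, b""))                # option 54: server identifier
    if not server or not server <= AUTHORIZED_SERVERS:   # a missing id is flagged too
        findings.append(f"unauthorized DHCP server {sorted(server)}")
    if not addrs(opts.get(3, b"")) <= EXPECTED_ROUTERS:  # option 3: routers
        findings.append(f"unexpected gateway {sorted(addrs(opts[3]))}")
    if not addrs(opts.get(6, b"")) <= EXPECTED_DNS:      # option 6: DNS servers
        findings.append(f"unexpected DNS {sorted(addrs(opts[6]))}")
    return findings

def build_reply(msg_type, server, router, dns):
    """Construct a minimal sample server reply (test data only)."""
    ip = lambda a: ipaddress.IPv4Address(a).packed
    opts = bytes([53, 1, msg_type, 54, 4]) + ip(server) + bytes([3, 4]) + ip(router)
    return b"\x02" + bytes(235) + MAGIC_COOKIE + opts + bytes([6, 4]) + ip(dns) + b"\xff"
```

Feed `check_reply` the UDP payload of packets sent from port 67, for example from a capture taken on a mirror port.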