Re: Bogus DHCP server in the network....

[Joseph S D Yao <jsdy () cospo osis gov>]

> Here's the picture. I am a client of Adelphia PowerLink CableTV. They use DHCP
> for giving IP addresses. In the last weeks a bogus DHCP server showed up into
> the network giving addresses in 192.168.244.128/25. The guy is using aliasing
> on his Ethernet interface, he has an address aquired from the ISP in the ISP's
> range and he configured his interface with 192.168.244.129 too. I have his
> MAC. He gives DNS services. The system the hacker uses is totally protected,
> no ports are "visible" to allow to try to do something to his system (can syn
> flood be a solution?). Some time ago the hacker provided forwarding also but
> now he's not forwarding anymore anoying lots of people in the net as they
> don't have access to the INTERNET. I believe it is a UNIX box, most likely
> LINUX with NAT. Now here comes the question: is anything there we can do to
> block this guy ?
>
> Any answer will be greately appreciated. I will sumarize also for archiving
> purposes.
>
> TIA & best regards,
> Tudor

Unless you like getting yourself in hot water, your first step should
be to accumulate your evidence and present it to your ISP.  How do you
know, e.g., that this is not just your ISP using different stations and
being inept about it?  ;->

--
Joe Yao                         jsdy () cospo osis gov - Joseph S. D. Yao
COSPO/OSIS Computer Support                                     EMT-B
-----------------------------------------------------------------------
This message is not an official statement of COSPO policies.