RE: Bogus DHCP server in the network....

[Henry Sieff <hsieff () orthodon com>]

Contact your service provider. They will take the appropriate steps;
anything you do to him would be ambiguous froma legal standpoint, and may
violate your TOS (two wrongs not making a right, and all that.
--
Henry Sieff
Network Nanny
Orthodontic Centers of America
(504) 834-4392 ext.135


> -----Original Message-----
> From: TUDOR PANAITESCU [mailto:tpanaitescu () usa net]
> Sent: Sunday, October 03, 1999 6:38 AM
> To: firewall-wizards () nfr net
> Subject: Bogus DHCP server in the network....
>
>
> Hello fellow wizards,
>
> Here's the picture. I am a client of Adelphia PowerLink 
> CableTV. They use DHCP
> for giving IP addresses. In the last weeks a bogus DHCP 
> server showed up into
> the network giving addresses in 192.168.244.128/25. The guy 
> is using aliasing
> on his Ethernet interface, he has an address aquired from the 
> ISP in the ISP's
> range and he configured his interface with 192.168.244.129 
> too. I have his
> MAC. He gives DNS services. The system the hacker uses is 
> totally protected,
> no ports are "visible" to allow to try to do something to his 
> system (can syn
> flood be a solution?). Some time ago the hacker provided 
> forwarding also but
> now he's not forwarding anymore anoying lots of people in the 
> net as they
> don't have access to the INTERNET. I believe it is a UNIX 
> box, most likely
> LINUX with NAT. Now here comes the question: is anything 
> there we can do to
> block this guy ?
>
> Any answer will be greately appreciated. I will sumarize also 
> for archiving
> purposes.
>
> TIA & best regards,
> Tudor
>
> ____________________________________________________________________
> Get free email and a permanent address at 
> http://www.netaddress.com/?N=1