Occasionally, we have seen the appearance of “bogus/rogue” DHCP servers on the campus network, which have often been the result of someone bringing up a Windows server inappropriately configured. The impact of these is usually limited to the particular departmental VLAN that the server is in and can result in connectivity disruptions within that department.
In the past, we have seen instances of malware strains wherein an infected computer starts up a DHCP server process, offering inappropriate DHCP leases to legitimate clients within the department and pointing to evil DNS servers that redirect your traffic to places that you really wouldn’t want to visit. This goes well beyond basic connectivity issues for an individual department.
With the goals of both minimizing security risks and reducing the causes for connectivity interruptions within departments, we added a new rule in our current default network switch port policy that blocks any and all DHCP server traffic. This policy has been applied to all ports across the campus network EXCEPT for those ports connected to a legitimate departmental DHCP server that you have registered with ITS Networking.
Note that DHCP services should continue to work as they do now, with no changes required by end users, provided that the DHCP server used is a “known and registered” server.
If you plan to register or move a DHCP server, please submit a Remedy Ticket or Online Help Request to Networking and include the server’s IP address, its MAC address and your contact information in the request.
Note: any DHCP server not registered in this manner will be considered a “rogue” DHCP server, and its DHCP server traffic (and ONLY that traffic) will be blocked at that device’s switch port; the device’s other traffic is unaffected.
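The filter described above acts on server-side DHCP messages (OFFER, ACK and NAK, which only a DHCP server sends), while client messages (DISCOVER, REQUEST and so on) pass on every port, which is why end users see no change. The following Python is an added example, not ITS Networking's switch configuration: it parses a raw DHCP payload, classifies it as client- or server-originated, and applies a per-port policy of the kind the notice describes, permitting server messages only on a port that is registered to a server whose IP and MAC match what was submitted. The packet bytes and the registered (IP, MAC) pair are constructed for the example; `port_policy`, `parse_dhcp` and `build_dhcp` are names chosen here.

```python
"""Per-port DHCP server filter: classify DHCP messages and drop server-side
messages from unregistered sources.  Added example with constructed data; the
allowlist and packet bytes are not real campus servers or captured traffic."""
import struct
from dataclasses import dataclass
from typing import Optional, Tuple

# DHCP message types carried in option 53 (RFC 2132).
DHCP_MSG_TYPES = {1: "DISCOVER", 2: "OFFER", 3: "REQUEST", 4: "DECLINE",
                  5: "ACK", 6: "NAK", 7: "RELEASE", 8: "INFORM"}
SERVER_MESSAGES = {"OFFER", "ACK", "NAK"}      # only a DHCP server sends these
MAGIC_COOKIE = b"\x63\x82\x53\x63"             # marks the start of the option list
BOOTP_HEADER_LEN = 236                         # fixed BOOTP header before the cookie


@dataclass(frozen=True)
class DhcpMessage:
    op: int                   # 1 = BOOTREQUEST (client), 2 = BOOTREPLY (server)
    client_mac: str           # chaddr field, printed as colon-separated hex
    server_id: Optional[str]  # option 54, the address the server identifies itself with
    msg_type: str             # decoded option 53


def parse_dhcp(payload: bytes) -> DhcpMessage:
    """Parse the BOOTP header and the TLV option list of one DHCP UDP payload."""
    if len(payload) < BOOTP_HEADER_LEN + 4 or payload[236:240] != MAGIC_COOKIE:
        raise ValueError("not a DHCP payload")
    op, _htype, hlen = struct.unpack("!BBB", payload[:3])
    client_mac = ":".join(f"{b:02x}" for b in payload[28:28 + hlen])
    msg_type, server_id = None, None
    i = BOOTP_HEADER_LEN + 4
    while i < len(payload):
        code = payload[i]
        if code == 255:                 # End option
            break
        if code == 0:                   # Pad option has no length byte
            i += 1
            continue
        if i + 1 >= len(payload):
            raise ValueError("truncated option")
        length = payload[i + 1]
        value = payload[i + 2:i + 2 + length]
        if code == 53 and length == 1:
            msg_type = DHCP_MSG_TYPES.get(value[0], f"TYPE{value[0]}")
        elif code == 54 and length == 4:
            server_id = ".".join(str(b) for b in value)
        i += 2 + length
    if msg_type is None:
        raise ValueError("missing DHCP message type option")
    return DhcpMessage(op, client_mac, server_id, msg_type)


def build_dhcp(op: int, msg_type_code: int, client_mac: str,
               server_id: Optional[str] = None) -> bytes:
    """Build a minimal DHCP payload (constructed test data, not a capture)."""
    mac = bytes.fromhex(client_mac.replace(":", ""))
    header = (struct.pack("!BBBB", op, 1, len(mac), 0)   # op, htype, hlen, hops
              + b"\x00" * 24                             # xid..giaddr, all zero
              + mac.ljust(16, b"\x00")                   # chaddr
              + b"\x00" * 192)                           # sname + file
    options = bytes([53, 1, msg_type_code])
    if server_id is not None:
        options += bytes([54, 4]) + bytes(int(o) for o in server_id.split("."))
    return header + MAGIC_COOKIE + options + b"\xff"


def port_policy(port_registration: Optional[Tuple[str, str]],
                src_ip: str, src_mac: str, payload: bytes) -> str:
    """Decide 'permit' or 'drop' for one DHCP datagram seen on a switch port.

    port_registration is the (IP, MAC) registered for the server on this port,
    or None for an ordinary access port.  Client messages always pass; server
    messages pass only from the registered source on its own port.
    """
    msg = parse_dhcp(payload)
    if msg.op == 1 and msg.msg_type not in SERVER_MESSAGES:
        return "permit"                         # DISCOVER/REQUEST/... from a client
    if port_registration is not None and (src_ip, src_mac.lower()) == port_registration:
        return "permit"                         # the registered server on its port
    return "drop"                               # unregistered server: block its offers


if __name__ == "__main__":
    registered = ("10.10.0.5", "00:11:22:33:44:55")   # constructed registration
    offer = build_dhcp(2, 2, "aa:bb:cc:dd:ee:01", server_id="192.168.1.1")
    print(port_policy(None, "192.168.1.1", "de:ad:be:ef:00:01", offer))   # drop
    print(port_policy(registered, "10.10.0.5", "00:11:22:33:44:55", offer))  # permit
```

Dropping only server-side message types is what keeps the rest of the device's traffic, and the DHCP client traffic of everything else on the VLAN, working as before; the same classification can be used to log the source MAC of any dropped OFFER so that the misconfigured or infected host can be located.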