Finding And Stopping Rogue DHCP Servers On MikroTik
ฝัง
- เผยแพร่เมื่อ 20 ก.ค. 2024
- Hey there, this video will be looking at how to show you how to find rogue DHCP servers on your network. We will see how we can potentially stop these rogue servers from issuing out IP addresses to the network by using the DHCP Snooping feature on MikroTik.
👊Thanks for taking time to watch my video. If you could, pressing LIKE and SUBSCRIBING helps more people discover my videos. Feel free to leave a comment for any other topics you would like to see me cover or what your general opinion is of the video.
🕘Timestamps🕘
📕00:00 - Introduction
📕00:23 - Topology Overview
📕01:56 - Finding Rogue Servers (Wireshark)
📕04:12 - Configuring DHCP Alerts
📕07:30 - DHCP Snooping configuration
📕11:18 - Conclusion
Support the Channel:
⭐Become a Patreon: / thenetworkberg
⭐Become a TH-cam Member: / @thenetworkberg
Social Media:
🌏 / thenetworkberg
🌏 / bergnetwork
🌏 / the-network-berg-39451...
MTCRE Playlist:
• Free MTCRE RoSv6
MTCNA Playlist:
• Free MTCNA RoSv6
Credits:
Thumbnail: Created on Canva
Intro: Created on Canva
Music by Alumo
Songs used:
Dioitic
Outland 85
Music by Bensound.com/free-music-for-videos
• Bensound: "The Elevato...
Thanks again for watching
Pinning this comment with the relevant MikroTik help docs:
help.mikrotik.com/docs/display/ROS/Bridging+and+Switching#BridgingandSwitching-DHCPSnoopingandDHCPOption82
Very useful. Thank you so much for teaching us thing like this 💪
Perfect explanation and demo !
great video and hell of a t-shirt my man 👍
ANOTHER INFORMATIVE VIDEO .....
Mikrotik shouted you out!! Pretty cool! Love your videos
Thanks for the video, really useful
Awesome, just awesome content. Thx man ♥
thanx man, very useful explanation, and nice Sepultura shirt)))))))
Another GREAT VIDEO!
appreciated your video brother.
Awesome video !!
great as usual.
Thank you this with security awernes seams to increase a lot. How about a video to collect and manage logs from the Mikrotik? Line ntopt, greylog and others to detect and prevent intrusion.
nice and compact info to cover a lot of topics (especially snooping!)
thanks for that ... but please give the mic some space ;)
Great video as always, very informative :D I would like to have push notification from the router... Instead of e-mail... I hope mikrotik do something about that... Aruba switches for eg can be managed from the cloud... (I think that notification are enough)
In Mikrotiks forum there are a lot of scripts for push notif to email, discord ... etc
Very good explanation, may I know what tools you are using in the dashboard?
Thank you
Nice thumbnail
Easiest eay to wirelessly take down a network you are testing - mikrotik as wireless bridge ; once you have internet, then on the wireless bridge enable the dhcp server for the same range and scope as the network youre connecting to... Boom, network will go down and if the core router is rebooted, the Mikrotik will reconnect and the fun will happen again.. as a PoC, you can run the Mikrotik off of a power bank, using a 5v to 12v usb to DC barrel jack cable.
Chaos A.D , nice 😁
4:39 or, or, or, you do one even better, if your device has a piezo buzzer you could play Seek & Destroy.
hello
great lesson
can u make lesson about best traffic shapping in mikrotik
best regards
That was all well and good, but how do you protect it if they keep using smokebomb and vanish?
Great video! What kind of virtualisation software are you using?
I use VMWare Pro as a hypervisor and the emulation VM I am running is EVE-NG
Love your shirt!!! Love your content! Keep it metal!! Keep it nerd! Don't change!
#CHAOS_AD
U R Super Pro Expert 😊
Thank you for the kind words
Love that shirt! Chaos AD!
🤘Yeah I love Sepultura! Wish I was a bit older when Max came to South Africa in 2004 with SoulFly, sadly my conservative parents wouldn't allow a 15 year old to a metal concert :P
@@TheNetworkBerg I saw Max a number of times with SoulFly. It was definitely something special. I didn't see Sepultura when he was there, unfortunately. I remember when my older brother brought home the first Nailbomb album - thats some good stuff if you haven't heard of it!
Do you know how this protection is done on the switch-port level? Is it using an "extended" ACL in the switch to block DHCP offers?
I'm using router on a stick model so I also have VLAN joined a Bridge at Router. Is it necessary to enable DHCP Snooping on Router's Bridge and trust Router's ether2?
My scenario is a mk router, with another oem poe switch connected on port 3. The switch hosts my APs. An extender connected to the network to boost signal to grey area is behaving as a rogue server. What do you advise for dhcp snooping since it's only one port that's connected to the mk device ?
hi very useful. If you are willing to share also the topic with option 82, it will help a lot. advance thanks.
additional question. if you are using option 82, you can use at least 2 switches or like you said you need more 1 router for additional requirement?
can you do this with pfsense?
Would a rogue DHCP server on one of the switches still respond but be blocked? Could the switch then detect and log? Thinking about ways to block them from acting while still being able to detect them because it's an indicator of a problem.
hi if i have 3 LAN bridges each one with its own DHCP server should i create 3 emntries under ALERTS? or do i need to create one Alert and put all 3 DHCP servers in there??
Please I would really love to write scripts on my Mikrotik router, How do I go about doing that??
Wait im new here. 2:15 is a wireshark link integrated into the mikrotik soft/hardware? how did that work?
Unfortunately not, in this instance Wireshark is integrated with EVE-NG the network emulation software (VM) that I am running to build this topology. What makes this cool is that you run wireshark against any node so I can see the same results on a Cisco, Juniper, Huawei, HPE, etc.
what is the drawing tool used here?
It is a network emulator called EVE-NG, you can download and install it on a Virtual Machine, it does the same thing as GNS3. You build virtual networks that work like real networks (Because they are real images) to get a better understanding of how to configure or build your networks.
Are you sure that port 2 on switch 1 should be made trusted? What if the rogue server connects instead of the second switch?
Then the rogue server will be able to do DHCP again, but this would mean the rogue user would need access to the physical switches and if random people can walk into switching cabinets you have more serious security concerns.
You would also quickly pick up if half your network drops because a malicious person unplugged a switch.
@@TheNetworkBerg i just checked the documentation, apparently sw1 ether2 would only have trusted=yes _if_ both sw1 and sw2 are using dhcp option 82, otherwise i'm assuming it would be trusted=no
this is because when option 82 is enabled for the bridge, it will automatically discard any packet received on untrusted ports if they have an option 82 field.
no mention on behavior of when option 82 is disabled for the receiving device, but i'm assuming it accepts any dhcp client regardless of option 82 field present or not on untrusted ports and only discards dhcp servers.
is by default dhcp snooping rejection loged? cisco do log by default
Yes you can do it on SW😊
But why not simply isolate all users on Wi-Fi?
Refuse/resist rogue dhcp chaos servers ad!
If anyone added a rogue router to a work network, then that person would a. be out of a job and b. behind bars LOL not likely, but very possible at a home network.
what actually happens is technicians testing replaced commodity routers by connecting it to the local network and not realizing these come with a DHCP server by default, and then wonder why others start complaining that the network stopped working.
Very useful... thank you so much!