Hahaha, the bad guy of DHCP mayhem is caught. It's Chang. How ridiculous. It is our own guy that sending a false dhcp offer. The problem is from the VMWare. VMWare install dhcp server service to assign an IP for its virtual host, however, to let the virtual network be linked wiht the real network, VMWare install a bridge that connect its virtual network card with the real network card. Now, DHCP service of VMWare is binded to VMNet1, if the bridge of the VMWare is configure to connect VMNet1 with the actual LAN, that dhcp will come to work!!! The solution is to uncheck the VMWare bridge item in the properties of LAN connection of Windows.
So, how this is detected. The mean is the good old one, Aj. Thanisara removed each link from the main hub and see that the bad dhcp still working. Okay, when she removed our room lan cable, the malicious dhcp server is disappeared. This is very stupid. At least, it shows that if someone set up a dhcp server, even unintentionally, we do not have any mean to stop that except to locate by brute force checking. Now, the need of NAT and a segmentation of each lab becomes more and more needed. At least that is what I think.
Hope that Chang does not get so much blame from the crisis. Now I can switch back to good old dhcp.
- Log in to post comments