Finding And Stopping Rogue DHCP Servers On MikroTik
Рет қаралды 23,249
Күн бұрынHey there, this video will be looking at how to show you how to find rogue DHCP servers on your network. We will see how we can potentially stop these rogue servers from issuing out IP addresses to the network by using the DHCP Snooping feature on MikroTik.
👊Thanks for taking time to watch my video. If you could, pressing LIKE and SUBSCRIBING helps more people discover my videos. Feel free to leave a comment for any other topics you would like to see me cover or what your general opinion is of the video.
🕘Timestamps🕘
📕00:00 - Introduction
📕00:23 - Topology Overview
📕01:56 - Finding Rogue Servers (Wireshark)
📕04:12 - Configuring DHCP Alerts
📕07:30 - DHCP Snooping configuration
📕11:18 - Conclusion
Support the Channel:
⭐Become a Patreon: / thenetworkberg
⭐Become a KZfaq Member: / @thenetworkberg
Social Media:
🌏 / thenetworkberg
🌏 / bergnetwork
🌏 / the-network-berg-39451...
MTCRE Playlist:
• Free MTCRE RoSv6
MTCNA Playlist:
• Free MTCNA RoSv6
Credits:
Thumbnail: Created on Canva
Intro: Created on Canva
Music by Alumo
Songs used:
Dioitic
Outland 85
Music by Bensound.com/free-music-for-videos
• Bensound: "The Elevato...
Thanks again for watching
@TheNetworkBerg Жыл бұрын
Pinning this comment with the relevant MikroTik help docs: help.mikrotik.com/docs/display/ROS/Bridging+and+Switching#BridgingandSwitching-DHCPSnoopingandDHCPOption82
@drumer2142 Жыл бұрын
Very useful. Thank you so much for teaching us thing like this 💪
@ahsanmuhammad7428 Жыл бұрын
Perfect explanation and demo !
@Joshv918 Жыл бұрын
Mikrotik shouted you out!! Pretty cool! Love your videos
@anasa.ghannam9302 Жыл бұрын
thanx man, very useful explanation, and nice Sepultura shirt)))))))
@amaralarama Жыл бұрын
great video and hell of a t-shirt my man 👍
@javiermacias5299 Жыл бұрын
Thanks for the video, really useful
@petrmiskerik Жыл бұрын
Awesome, just awesome content. Thx man ♥
@trexx_media Жыл бұрын
ANOTHER INFORMATIVE VIDEO .....
@Red1Wollip 10 ай бұрын
Another GREAT VIDEO!
@vedatyilmaz4577 Жыл бұрын
great as usual.
@JasonsLabVideos Жыл бұрын
Awesome video !!
@reanitkhmer3325 Жыл бұрын
appreciated your video brother.
@drumaddict89 Жыл бұрын
nice and compact info to cover a lot of topics (especially snooping!) thanks for that ... but please give the mic some space ;)
@ruyfranca8756 Жыл бұрын
Thank you
Жыл бұрын
Thank you this with security awernes seams to increase a lot. How about a video to collect and manage logs from the Mikrotik? Line ntopt, greylog and others to detect and prevent intrusion.
Жыл бұрын
Chaos A.D , nice 😁
@mathphy_rk Жыл бұрын
Very good explanation, may I know what tools you are using in the dashboard?
@kresimirpecar4925 Жыл бұрын
Great video as always, very informative :D I would like to have push notification from the router... Instead of e-mail... I hope mikrotik do something about that... Aruba switches for eg can be managed from the cloud... (I think that notification are enough)
@drumer2142 Жыл бұрын
In Mikrotiks forum there are a lot of scripts for push notif to email, discord ... etc
@sep_sh 4 ай бұрын
Nice thumbnail
@jessebustamante6620 Жыл бұрын
Love your shirt!!! Love your content! Keep it metal!! Keep it nerd! Don't change! #CHAOS_AD
@AhmadAhmad-jf3wb Жыл бұрын
hello great lesson can u make lesson about best traffic shapping in mikrotik best regards
@zadekeys2194 5 ай бұрын
Easiest eay to wirelessly take down a network you are testing - mikrotik as wireless bridge ; once you have internet, then on the wireless bridge enable the dhcp server for the same range and scope as the network youre connecting to... Boom, network will go down and if the core router is rebooted, the Mikrotik will reconnect and the fun will happen again.. as a PoC, you can run the Mikrotik off of a power bank, using a 5v to 12v usb to DC barrel jack cable.
@salembaabbad8783 10 ай бұрын
U R Super Pro Expert 😊
@TheNetworkBerg 10 ай бұрын
Thank you for the kind words
@aaronfish2691 Жыл бұрын
Love that shirt! Chaos AD!
@TheNetworkBerg Жыл бұрын
🤘Yeah I love Sepultura! Wish I was a bit older when Max came to South Africa in 2004 with SoulFly, sadly my conservative parents wouldn't allow a 15 year old to a metal concert :P
@aaronfish2691 Жыл бұрын
@@TheNetworkBerg I saw Max a number of times with SoulFly. It was definitely something special. I didn't see Sepultura when he was there, unfortunately. I remember when my older brother brought home the first Nailbomb album - thats some good stuff if you haven't heard of it!
@pedro_8240 7 ай бұрын
4:39 or, or, or, you do one even better, if your device has a piezo buzzer you could play Seek & Destroy.
@oliver1121 Жыл бұрын
That was all well and good, but how do you protect it if they keep using smokebomb and vanish?
@andrieshrr Жыл бұрын
Great video! What kind of virtualisation software are you using?
@TheNetworkBerg Жыл бұрын
I use VMWare Pro as a hypervisor and the emulation VM I am running is EVE-NG
@jonpinkley2844 Жыл бұрын
Do you know how this protection is done on the switch-port level? Is it using an "extended" ACL in the switch to block DHCP offers?
@shunorrr Жыл бұрын
can you do this with pfsense?
@PhamTienPhong 3 ай бұрын
I'm using router on a stick model so I also have VLAN joined a Bridge at Router. Is it necessary to enable DHCP Snooping on Router's Bridge and trust Router's ether2?
@ubi6874 8 ай бұрын
My scenario is a mk router, with another oem poe switch connected on port 3. The switch hosts my APs. An extender connected to the network to boost signal to grey area is behaving as a rogue server. What do you advise for dhcp snooping since it's only one port that's connected to the mk device ?
@AlanMillerFencepost Жыл бұрын
Would a rogue DHCP server on one of the switches still respond but be blocked? Could the switch then detect and log? Thinking about ways to block them from acting while still being able to detect them because it's an indicator of a problem.
@antoniocerasuolo757 5 ай бұрын
hi if i have 3 LAN bridges each one with its own DHCP server should i create 3 emntries under ALERTS? or do i need to create one Alert and put all 3 DHCP servers in there??
@espeyskop792 8 ай бұрын
hi very useful. If you are willing to share also the topic with option 82, it will help a lot. advance thanks.
@espeyskop792 8 ай бұрын
additional question. if you are using option 82, you can use at least 2 switches or like you said you need more 1 router for additional requirement?
@josepharueyingho9417 8 ай бұрын
Please I would really love to write scripts on my Mikrotik router, How do I go about doing that??
@marn200 Жыл бұрын
Wait im new here. 2:15 is a wireshark link integrated into the mikrotik soft/hardware? how did that work?
@TheNetworkBerg Жыл бұрын
Unfortunately not, in this instance Wireshark is integrated with EVE-NG the network emulation software (VM) that I am running to build this topology. What makes this cool is that you run wireshark against any node so I can see the same results on a Cisco, Juniper, Huawei, HPE, etc.
@LoveJoyPeaceAndHopeForAll Жыл бұрын
what is the drawing tool used here?
@TheNetworkBerg Жыл бұрын
It is a network emulator called EVE-NG, you can download and install it on a Virtual Machine, it does the same thing as GNS3. You build virtual networks that work like real networks (Because they are real images) to get a better understanding of how to configure or build your networks.
@over-klen Жыл бұрын
Are you sure that port 2 on switch 1 should be made trusted? What if the rogue server connects instead of the second switch?
@TheNetworkBerg Жыл бұрын
Then the rogue server will be able to do DHCP again, but this would mean the rogue user would need access to the physical switches and if random people can walk into switching cabinets you have more serious security concerns. You would also quickly pick up if half your network drops because a malicious person unplugged a switch.
@BattousaiHBr Жыл бұрын
@@TheNetworkBerg i just checked the documentation, apparently sw1 ether2 would only have trusted=yes _if_ both sw1 and sw2 are using dhcp option 82, otherwise i'm assuming it would be trusted=no this is because when option 82 is enabled for the bridge, it will automatically discard any packet received on untrusted ports if they have an option 82 field. no mention on behavior of when option 82 is disabled for the receiving device, but i'm assuming it accepts any dhcp client regardless of option 82 field present or not on untrusted ports and only discards dhcp servers.
@ch3vr0n123 Жыл бұрын
is by default dhcp snooping rejection loged? cisco do log by default
@raajseeker Жыл бұрын
Yes you can do it on SW😊
@Johann75 Жыл бұрын
But why not simply isolate all users on Wi-Fi?
@1vanch0 Жыл бұрын
Refuse/resist rogue dhcp chaos servers ad!
@Anavllama Жыл бұрын
If anyone added a rogue router to a work network, then that person would a. be out of a job and b. behind bars LOL not likely, but very possible at a home network.
@BattousaiHBr Жыл бұрын
what actually happens is technicians testing replaced commodity routers by connecting it to the local network and not realizing these come with a DHCP server by default, and then wonder why others start complaining that the network stopped working.
@miltonesss 9 ай бұрын
Very useful... thank you so much!
KiKiDo
Рет қаралды 4 МЛН
Mikrotik Indonesia - Citraweb
Рет қаралды 7 М.