check_dhcp question

Aaron Webber awebber at
Wed Sep 12 21:19:35 CEST 2018

After an incident we have been tasked with detecting rogue DHCP servers on our network. Looking at the check_dhcp plugin it looks like it does 99% of what we need. My specific question relates to us making a change to the check_dhcp.c file and if it would work. My co-worker and I are not familiar enough with the language.

For the section:
                else if(requested_servers>0 && requested_responses==0)
                else if(requested_responses<requested_servers)
                else if(request_specific_address==TRUE && received_requested_address==FALSE)

If we were to add this after the first if
                Else if (valid_responses>1)

Then compile the plugin per the github instructions from there would that alert if we had more than one DHCP response?


[Aaron Webber]

Aaron Webber | Security Systems Engineer
awebber at<mailto:awebber at> | P: 877.210.0126 | F: 801.853.4089
LinkedIn<>  |  Customer Testimonials<>  |  Sales Rep Best Practices<>

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image002.png
Type: image/png
Size: 6057 bytes
Desc: image002.png
URL: <>

More information about the Help mailing list