How to prevent getting a dhcp configuration from an unauthorised server

Bryan Fury

Junior Member
Oct 10, 2005
5
0
0
I have a big problem~I connect to my ISP using wireless connection and after that I should receive a configuration set based on public IP from his dhcp. However, it seems there is another (unauthorised) dhcp server in the network (probably an other user running some private home network or something) and I keep getting my parameters from his dhcp (from private IP range) rather than from ISP's dhcp. I've contacted my ISP, but they seem either uninterested to help or don't know how to help me. So, is there some way to prevent my computer from getting IP configuration from the wrong dhcp, that is, to make ISP's dhcp preffered one? Thanks~
 

JackMDS

Elite Member
Super Moderator
Oct 25, 1999
29,516
408
126
Welcome to AT Network Forum.

Might help if you would describe the hardware and what else is technically involved. It does not seem that you are dealing with regular commercial ISP.

:sun
 

Atheus

Diamond Member
Jun 7, 2005
7,313
2
0
You will want to find the IP address of the real server and change your firewall settings to block all 'DHCP offer' packets coming from anywhere else. Or you could just block the rogue server and allow all other DHCP in case your ISP changes the address of it's server.

You need a 'real' firewall for this, i.e. not the windows firewall or a consumer router (although you can flash the firmware on most routers to add a proper firewall).

 

RebateMonger

Elite Member
Dec 24, 2005
11,586
0
0
Wait.

Exactly what kind of Internet connection do you have?
By wireless, do you mean an RF connection from an antenna on your home/office to an antenna on a mountain or telephone pole somewhere (like Sprint Broadband)?

Or do you mean you have Cable Modem or DSL, and you have a wireless router?
And you are accidentally joining your next-door neighbor's WiFi network?
 

Bryan Fury

Junior Member
Oct 10, 2005
5
0
0
Thanks for the welcome :) Yes, I admit I didn't provide enough information regarding my question. My computer is running WinXp and it's connected to provider's access point (and actually, it is a regular commercial one, just bear in mind it's Serbia here, so anything is possible ;)) through my access point (Planet WAP-4000) which runs in client mode. I guess there is some other people connected to the same provider's access point and who have their own private network or something like that. Intentionally or unintentionally, in that private network there's a dhcp service running and time and again I'm receiving my configuration from that dhcp rather than from the ISP's. Basically, I'm just wondering about some way to block or filter the rouge dhcp. Preferably with help of some software firewall or similar solution as Atheus suggested, since I know both the addresses of the right and wrong dhcp server.
 

RebateMonger

Elite Member
Dec 24, 2005
11,586
0
0
If you are using the WAP-4000 in AP Client mode, then it is associating with the wrong Access Point on the other end. You can either set the MAC address of the proper Acess Point, or you can click the "Site Survey" button and connect to the proper Access Point.

Alternatively, your XP computer is simply associating with the wrong network. In XP, view the available wireless networks and set your own Access Point as the preferred connection.
 

Bryan Fury

Junior Member
Oct 10, 2005
5
0
0
Hm... I'm afraid that's not the case. There is just one access point and no other. The problem is with other users connected to the same ISP's AP. My computer is connected to my AP (Planet) by LAN cable, so viewing available wifi networks is not available of course.
Maybe I should rephrase the question~can someone recommend a firewall that can be set to reject dhcp offer from an unauthorised dhcp server? Currently I'm using Zone Alarm, and I don't think it has such an option.
 

RebateMonger

Elite Member
Dec 24, 2005
11,586
0
0
If the only problem is that your PC is getting an incorrect DHCP offer, it'd seem that you could block DHCP offers from the other server by creating and assigning a local IP Security Policy in XP. This Policy would block incoming UDP traffic on port 67 and port 68 (the DHCP ports) from the IP address that is delivering the wrong DHCP addresses. You can determine THAT IP by examining the IPCONFIG /ALL properties and seeing what your (rogue) DHCP server's IP address is.
 

Bryan Fury

Junior Member
Oct 10, 2005
5
0
0
Thanks for the suggestion! I think it should work, because that is the only problem as you have put it. I'll definitely give it a try :)
 

Bryan Fury

Junior Member
Oct 10, 2005
5
0
0
Hehe. Of course, the wrong IP configuration didn't come from my own device~it was definitely from a different scope. I tried the solution that RebateMonger suggested and so far so good. Hope it stays like that :)