- Several of the computer on the network begin losing their IP addresses or picking up addresses that are not standard on your network.
- Due to overlapping address ranges being handed out, several machines on your network report IP address conflicts.
- You see an abnormally large amount of DHCP traffic (UDP ports 67 and 68) flowing through the network when doing a packet capture.
- Since the chances are that the rogue DHCP server is there for malicious intent, the amount of virus traffic being caught by your network's virus monitoring system could potentially increase dramatically. Along these same lines, you could also see an increase in bandwidth.
Chris Sanders is the network administrator for one of the largest public school systems in the state of Kentucky. Chris's specialties include general network administration, windows server 2003, wireless networking, and security. You can view Chris' personal website at www.chrissanders.org.