Contact your service provider. They will take the appropriate steps;
anything you do to him would be ambiguous froma legal standpoint, and may
violate your TOS (two wrongs not making a right, and all that.
--
Henry Sieff
Network Nanny
Orthodontic Centers of America
(504) 834-4392 ext.135
> -----Original Message-----
> From: TUDOR PANAITESCU [mailto:tpanaitescu_at_usa.net]
> Sent: Sunday, October 03, 1999 6:38 AM
> To: firewall-wizards_at_nfr.net
> Subject: Bogus DHCP server in the network....
>
>
> Hello fellow wizards,
>
> Here's the picture. I am a client of Adelphia PowerLink
> CableTV. They use DHCP
> for giving IP addresses. In the last weeks a bogus DHCP
> server showed up into
> the network giving addresses in 192.168.244.128/25. The guy
> is using aliasing
> on his Ethernet interface, he has an address aquired from the
> ISP in the ISP's
> range and he configured his interface with 192.168.244.129
> too. I have his
> MAC. He gives DNS services. The system the hacker uses is
> totally protected,
> no ports are "visible" to allow to try to do something to his
> system (can syn
> flood be a solution?). Some time ago the hacker provided
> forwarding also but
> now he's not forwarding anymore anoying lots of people in the
> net as they
> don't have access to the INTERNET. I believe it is a UNIX
> box, most likely
> LINUX with NAT. Now here comes the question: is anything
> there we can do to
> block this guy ?
>
> Any answer will be greately appreciated. I will sumarize also
> for archiving
> purposes.
>
> TIA & best regards,
> Tudor
>
> ____________________________________________________________________
> Get free email and a permanent address at
> http://www.netaddress.com/?N=1
>
Received on Oct 05 1999
Intro
