0

I'm getting rogue DHCP traffic leaking in from my ISP, through my router, and my Windows DHCP server is shutting down.

What does MS Widows DHCP server 'Rogue Detection' detect?

At least so far, none of my clients have taken a WAN IP address from the ISP.

I've never had this problem with other ISPs, using the same routing equipment.

As well as doing vast network captures over several days to try and find the problem, I'd like to know if there is anything specific I should be looking for: not just DHCP traffic, but specifically, DHCP traffic that triggers "Rogue Detection" for Windows DHCP server.

user165568
  • 270
  • 1
  • 2
  • 9
  • I'm trying to understand your situation to help you, but it is obvious that you would rather have a discussion about what is true and not. I hope someone else can you help and i'd suggest you eleborate your question and situation. – Martinos Nov 10 '20 at 11:41
  • I thank you for your interest. Clearly you don't know what you are talking about, and would rather tell me that there is no rogue detection! and that my service didn't turn off! Which invites the kind of response you got. – user165568 Nov 12 '20 at 02:01
  • Although I never learned what the criteria was for Rogue Detection events, I did work out how they were happening: at reboot, the router comes up in bridged mode before configuring. In that brief moment, any LAN device doing a DHCP request is bridged to the WAN internet provider... – user165568 Dec 06 '21 at 23:14
  • Happened often enough that now I've disabled rogue detection: HKLM\system\CCS\services\Dhcpserver\paramaters\DisableRogueDetection=1 – user165568 May 23 '22 at 04:23

0 Answers0