block specific dhcp server ip in windows 10

moorthyragav

New Member
Linux versions have an option in dhclient.conf to block a DHCP server IP from offering an IP:
reject 192.168.56.0/24;
What is the equivalent option in the Windows 10 client DHCP configuration?

Neemobeer

Cloud Security Engineer
Staff member
You'd need to create firewall rules to block the discover and offer packets, so UDP ports 67/68 to the subnet
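The firewall approach described above, written out as an added example that is not part of this thread. It assumes the rogue server sits in 192.168.56.0/24 (the subnet from the opening question's dhclient.conf line) and that you run it from an elevated PowerShell session; the rule names are my own.

```powershell
# Added example, not from the thread. Assumption: the rogue DHCP server lives in
# 192.168.56.0/24, the subnet used in the opening question. Run elevated.
$RogueSubnet = '192.168.56.0/24'

# DHCPOFFER and DHCPACK leave the server from UDP port 67 and arrive at the client's
# UDP port 68. Windows Firewall evaluates block rules before allow rules, so this
# rule wins over the built-in "Core Networking - DHCP (DHCP-In)" allow rule.
New-NetFirewallRule -DisplayName 'Block DHCP offers from rogue subnet' `
    -Direction Inbound -Protocol UDP -LocalPort 68 -RemotePort 67 `
    -RemoteAddress $RogueSubnet -Action Block -Profile Any

# Also stop unicast renewals (DHCPREQUEST) going back to the rogue server, so an
# existing lease from it is not quietly refreshed.
New-NetFirewallRule -DisplayName 'Block DHCP requests to rogue subnet' `
    -Direction Outbound -Protocol UDP -LocalPort 68 -RemotePort 67 `
    -RemoteAddress $RogueSubnet -Action Block -Profile Any

# Check that both rules are present and enabled.
Get-NetFirewallRule -DisplayName '*rogue subnet*' |
    Format-Table DisplayName, Enabled, Direction, Action -AutoSize

# Drop the current lease and ask again; only servers outside the blocked range can answer.
ipconfig /release
ipconfig /renew
```

If the rogue server shares a subnet with the legitimate one, narrow `-RemoteAddress` to the single host (for example `192.168.56.20/32`, a placeholder) instead of the /24, or the rule will also block the real server. Remove the rules with `Remove-NetFirewallRule -DisplayName '*rogue subnet*'` once the rogue server is gone.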

Gew

Well-Known Member
Anyone who could describe this a bit more precisely? I'm in an environment where a rogue DHCPd is handing out wrong IPs to my machine, so I want to block it so that the client(s) can get a hold of the real DHCPd instead. However, I don't know the IP of the DHCPd. So, how can I even achieve this? I mean, doesn't DHCPd run on Layer 2 or something like that? Over MAC addresses?

Neemobeer

Cloud Security Engineer
Staff member
If you control the network, I'd just run an nmap scan against the entire segment and you should be able to ID the server handing out addresses and remove it, or if possible reconfigure the system. Another option is if you have a switch that supports it enable dhcp snooping and configure it for the system or systems that should be handing out addresses.
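Before scanning the segment, the Windows client itself records which server issued its lease, which is usually enough to identify the rogue one. The following is an added example, not from the thread; it reads the DHCP fields of Win32_NetworkAdapterConfiguration and the DHCP client event log, and the expected-server address is a placeholder you would replace with your ISP's or LAN's real server.

```powershell
# Added example, not from the thread. Assumption: 192.0.2.1 is a placeholder for
# the DHCP server that *should* be answering; replace it with the real one.
$ExpectedServer = '192.0.2.1'

# Every DHCP-enabled adapter keeps the address of the server that granted its lease.
Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration `
    -Filter 'DHCPEnabled = TRUE AND IPEnabled = TRUE' |
    ForEach-Object {
        [pscustomobject]@{
            Adapter       = $_.Description
            IPAddress     = ($_.IPAddress -join ', ')
            Gateway       = ($_.DefaultIPGateway -join ', ')
            DHCPServer    = $_.DHCPServer
            LeaseObtained = $_.DHCPLeaseObtained
            LeaseExpires  = $_.DHCPLeaseExpires
            # True when the lease did not come from the server we expect.
            Unexpected    = ($_.DHCPServer -ne $ExpectedServer)
        }
    } | Format-Table -AutoSize

# The DHCP client log keeps a history of lease events, useful when the rogue server
# only answers first and the adapter later settles on the legitimate one.
Get-WinEvent -LogName 'Microsoft-Windows-Dhcp-Client/Admin' -MaxEvents 25 |
    Select-Object TimeCreated, Id, Message |
    Format-Table -Wrap -AutoSize
```

The `DHCPServer` value is the IP address the offending server used in its DHCPOFFER/DHCPACK, which is exactly what a per-host firewall block rule needs; a `ipconfig /release` followed by `ipconfig /renew` and a second run of the script shows whether the same server keeps winning the race.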

Gew

Well-Known Member
Thanks for your response @nemobeer!

Unfortunately, I don't control the network or the switch. In fact, it's (sort of) my ISP's RJ45 jack in my home environment. More precisely, they currently suffer an issue with a rogue DHCPd (200 customers affected), so I thought I'd try and make a temporary fix myself at home by somehow blocking that "bad" DHCPd on the net. DHCPd snooping on switch level is hence not an option. So this thing which was mentioned in the beginning of this ancient thread (about putting a block rule in Windows firewall) is not really feasible, correct?

nataliemor

New Member
The right thing to do would be to scan the network for third-party devices on the network, as hardware routers distribute IPs faster than software; look at the state of the network that distributes these addresses, and see where territorially these machines are, maybe in one place. If you do not control the network, then at least change the router's IP address. Right now, it is probably 192.168.1.2. It is possible to transfer DHCP servers from one computer to another while keeping all their parameters and real client base. The dhcpexim.exe utility is helpful, as it allows you to save all DHCP server settings to a file and then restore those settings on another DHCP server.

WindowsPro

Senior Member
Buy and install a so-called "router" to be used at home.

It will have a firewall that hinders the replies from the rogue DNS. Just make sure that the router connects to the real DNS in its settings, and save. In that case, your own computers will use the router as their DNS server, and the router uses your ISP's DNS to forward any DNS requests to it.