The Rogue DHCP Server Detection Tool has been created by the Microsoft Windows DHCP Team to give system administrators and users a way to detect rogue DHCP servers. The team classifies rogue DHCP servers as servers that have been unintentionally misconfigured, are unknowingly unauthorized, or have been configured with malicious intent. The impact of these servers on the clients they serve can be quite critical, including network access problems and sniffing of the network traffic sent by clients.
The security program is a portable application that can be started right after downloading it from the TechNet servers. It displays a graphical user interface that lists all discovered DHCP servers. A click on the Detect Rogue Server button is required to initiate the scan of the computer network.
The Microsoft Rogue Detection Tool will then display in the list all DHCP servers that it considers rogue servers (it is not clear whether it classifies all servers as rogue servers in the beginning). Information such as the server IP, gateway address and offered client IP is displayed in the list. It is possible to check the valid DHCP server box to classify a server as valid, which makes that information persistent.
The program can be configured to run once or at specified intervals. It is also possible to restrict the scan to specific interfaces. Currently only IPv4 interfaces are supported, with plans to add IPv6 interfaces in the future.
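The announcement does not describe the tool's internals, so the following Python code is an added example and not Microsoft's implementation: it parses DHCPOFFER replies (RFC 2131 layout) into the three fields the tool lists (server IP, gateway address, offered client IP) and labels each responding server against an allowlist that plays the role of the valid DHCP server box. The function names, the allowlist and the sample packets are assumptions constructed for this example.

```python
import ipaddress
import struct
MAGIC_COOKIE, DHCPOFFER = b"\x63\x82\x53\x63", 2   # RFC 2131 options marker; type 2
OPT_PAD, OPT_ROUTER, OPT_MSG_TYPE, OPT_SERVER_ID, OPT_END = 0, 3, 53, 54, 255

def parse_offer(packet: bytes):
    """Return server IP, gateway and offered IP, or None if not a valid DHCPOFFER."""
    if len(packet) < 240 or packet[0] != 2 or packet[236:240] != MAGIC_COOKIE:
        return None                    # truncated, not a BOOTREPLY, or not DHCP
    options, i = {}, 240
    while i < len(packet) and packet[i] != OPT_END:
        if packet[i] == OPT_PAD:       # pad option is one byte with no length field
            i += 1
            continue
        if i + 1 >= len(packet) or i + 2 + packet[i + 1] > len(packet):
            return None                # option runs past the end of the packet
        options[packet[i]] = packet[i + 2:i + 2 + packet[i + 1]]
        i += 2 + packet[i + 1]
    server_id = options.get(OPT_SERVER_ID, b"")
    if options.get(OPT_MSG_TYPE) != bytes([DHCPOFFER]) or len(server_id) != 4:
        return None
    router = options.get(OPT_ROUTER, b"")
    as_ip = lambda raw: str(ipaddress.IPv4Address(raw))
    return {"server_ip": as_ip(server_id), "offered_ip": as_ip(packet[16:20]),
            "gateway": as_ip(router[:4]) if len(router) >= 4 else None}

def classify(packets, valid_servers):
    """Label every parsed offer 'valid' or 'rogue' against the allowlist."""
    offers = [o for o in map(parse_offer, packets) if o]
    for o in offers:
        o["status"] = "valid" if o["server_ip"] in valid_servers else "rogue"
    return offers

def build_offer(server, gateway, offered, msg_type=DHCPOFFER):
    """Constructed sample reply for offline use; nothing is sent on the wire."""
    ip = lambda a: ipaddress.IPv4Address(a).packed
    fixed = struct.pack("!BBBBIHH4s4s4s4s", 2, 1, 6, 0, 0x1234ABCD, 0, 0,
                        bytes(4), ip(offered), ip(server), bytes(4))
    opts = bytes([OPT_MSG_TYPE, 1, msg_type, OPT_SERVER_ID, 4]) + ip(server)
    opts += bytes([OPT_ROUTER, 4]) + ip(gateway) + bytes([OPT_END])
    return fixed + bytes(16 + 64 + 128) + MAGIC_COOKIE + opts

SAMPLE = [build_offer("192.0.2.1", "192.0.2.1", "192.0.2.50"),   # constructed traffic
          build_offer("192.0.2.66", "192.0.2.66", "192.0.2.200"),  # RFC 5737 addresses
          build_offer("192.0.2.1", "192.0.2.1", "192.0.2.51", msg_type=5)]  # DHCPACK
VALID_SERVERS = {"192.0.2.1"}          # assumed allowlist of authorized servers
if __name__ == "__main__":
    for row in classify(SAMPLE, VALID_SERVERS):
        print(row)
```

Matching on the server identifier alone trusts a field the responder fills in itself, so a production check would also record the source MAC address and switch port of each reply.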
Microsoft's Rogue Detection Tool can be downloaded from the announcement page over at the DHCP Team blog.