The VMware Carbon Black Tech Zone is live! Checkout this great resource: Mastering Carbon Black Audit & Remediation.

Rogue DHCP Servers

Description: This query looks for DHCP servers that are not in a permitted list. 

What The Data Shows: Query shows some possible rogue DHCP servers that should be investigated. The user can specify the list to exclude their DHCP servers. 

SQL: 

SELECT connection_id,mac,dhcp_enabled,dhcp_server FROM interface_details WHERE dhcp_server NOT IN ('127.0.0.1', '::1','');

 

 

1 Comment
jnelson
Carbon Black Employee
Status changed to: Approved