Built off the open source project Osquery
Description: This query looks for DHCP servers that are not in a permitted list.
What The Data Shows: Query shows some possible rogue DHCP servers that should be investigated. The user can specify the list to exclude their DHCP servers.
SQL:
SELECT connection_id,mac,dhcp_enabled,dhcp_server FROM interface_details WHERE dhcp_server NOT IN ('127.0.0.1', '::1','');
Copyright © 2005-2023 Broadcom. All Rights Reserved. The term “Broadcom” refers to Broadcom Inc. and/or its subsidiaries.