


Detect runaway DHCP clients


I'm wondering how I would set up an alert to catch the occasional rogue client that absolutely hammers a DHCP server with repeat requests. Almost exclusively Cisco phones, once in a while, I'll get a device that issues a few thousand DHCP requests a minute in perpetuity and fills syslog files faster than log rotation can handle as scheduled, causing filesystem full alerts. I would love to get an email if such a client shows up on the network so I could tell the VoIP folks to kill the phone's switchport and possibly, based on MAC address, send the alert directly to their team.
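
Added example, not part of the original post and not Infoblox code: one way to detect the client described above is to count DHCP requests per MAC address per minute in the server's syslog and build an email when a client exceeds a threshold. The ISC dhcpd-style line format, the threshold of 1000, the sample log lines and the example.com addresses are all assumptions.

```python
import re
from collections import Counter
from email.message import EmailMessage

# Assumed ISC dhcpd-style syslog line; adjust the pattern to your server's format.
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s+\d\d:\d\d):\d\d\s+\S+\s+dhcpd(?:\[\d+\])?:\s+"
    r"DHCP(?:REQUEST|DISCOVER)\b.*?\bfrom\s+(?P<mac>(?:[0-9a-f]{2}:){5}[0-9a-f]{2})",
    re.IGNORECASE,
)

def find_runaway_clients(lines, threshold=1000):
    """Return {mac: (minute, count)} for clients above threshold in any one minute."""
    per_minute = Counter()
    for line in lines:
        m = LINE_RE.match(line)
        if m:
            minute = " ".join(m.group("ts").split())  # normalise "Mar  4" padding
            per_minute[(m.group("mac").lower(), minute)] += 1
    worst = {}
    for (mac, minute), count in per_minute.items():
        if count > threshold and count > worst.get(mac, ("", 0))[1]:
            worst[mac] = (minute, count)  # keep each client's busiest minute
    return worst

def build_alert(worst, sender="dhcp-monitor@example.com", rcpt="voip-team@example.com"):
    """Build (not send) the alert mail; addresses are placeholders."""
    msg = EmailMessage()
    msg["From"], msg["To"] = sender, rcpt
    msg["Subject"] = "Runaway DHCP clients: " + ", ".join(sorted(worst))
    msg.set_content("\n".join(
        f"{mac}: {n} requests during {minute}"
        for mac, (minute, n) in sorted(worst.items())))
    return msg  # hand to smtplib.SMTP(...).send_message(msg) to deliver

def sample_log():
    """Constructed sample: one client sends 1500 requests in a minute, another 3."""
    noisy = ["Mar  4 10:15:%02d ns1 dhcpd[812]: DHCPREQUEST for 192.0.2.10 "
             "from 00:00:5e:00:53:01 via eth1" % (i % 60) for i in range(1500)]
    quiet = ["Mar  4 10:15:%02d ns1 dhcpd[812]: DHCPDISCOVER "
             "from 00:00:5E:00:53:02 via eth1" % i for i in range(3)]
    return noisy + quiet

if __name__ == "__main__":
    print(build_alert(find_runaway_clients(sample_log())))
```

Run it from cron against the last few minutes of the DHCP log, and route the recipient by MAC prefix if alerts for phones should go straight to the VoIP team.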
