{"id":248294,"date":"2024-04-30T15:53:34","date_gmt":"2024-04-30T15:53:34","guid":{"rendered":"https:\/\/www.ninjaone.com\/?post_type=script_hub&#038;p=248294"},"modified":"2024-04-30T15:53:34","modified_gmt":"2024-04-30T15:53:34","slug":"automatiser-la-detection-des-serveurs-dhcp-malveillants","status":"publish","type":"script_hub","link":"https:\/\/www.ninjaone.com\/fr\/script-hub\/automatiser-la-detection-des-serveurs-dhcp-malveillants\/","title":{"rendered":"Guide de script : Automatiser la d\u00e9tection des serveurs DHCP malveillants avec PowerShell"},"content":{"rendered":"<h2>Points \u00e0 retenir<\/h2>\n<ul>\n<li data-leveltext=\"\uf0b7\" data-font=\"Symbol\" data-listid=\"1\" data-list-defn-props=\"{&quot;335552541&quot;:1,&quot;335559685&quot;:720,&quot;335559991&quot;:360,&quot;469769226&quot;:&quot;Symbol&quot;,&quot;469769242&quot;:[8226],&quot;469777803&quot;:&quot;left&quot;,&quot;469777804&quot;:&quot;\uf0b7&quot;,&quot;469777815&quot;:&quot;hybridMultilevel&quot;}\" data-aria-posinset=\"1\" data-aria-level=\"1\"><strong>D\u00e9tection automatis\u00e9e de DHCP frauduleux<\/strong>: Le script automatise le processus de d\u00e9tection des serveurs <a href=\"https:\/\/www.ninjaone.com\/fr\/it-hub\/it-service-management\/qu-est-ce-que-dhcp-dynamic-host-configuration-protocol\/\">DHCP<\/a> non autoris\u00e9s, ce qui renforce la s\u00e9curit\u00e9 du r\u00e9seau.<\/li>\n<li data-leveltext=\"\uf0b7\" data-font=\"Symbol\" data-listid=\"1\" data-list-defn-props=\"{&quot;335552541&quot;:1,&quot;335559685&quot;:720,&quot;335559991&quot;:360,&quot;469769226&quot;:&quot;Symbol&quot;,&quot;469769242&quot;:[8226],&quot;469777803&quot;:&quot;left&quot;,&quot;469777804&quot;:&quot;\uf0b7&quot;,&quot;469777815&quot;:&quot;hybridMultilevel&quot;}\" data-aria-posinset=\"2\" data-aria-level=\"1\"><strong>Int\u00e9gration Nmap<\/strong>: Utilise nmap pour une analyse compl\u00e8te du r\u00e9seau, ce qui n\u00e9cessite son installation pr\u00e9alable.<\/li>\n<li data-leveltext=\"\uf0b7\" data-font=\"Symbol\" data-listid=\"1\" data-list-defn-props=\"{&quot;335552541&quot;:1,&quot;335559685&quot;:720,&quot;335559991&quot;:360,&quot;469769226&quot;:&quot;Symbol&quot;,&quot;469769242&quot;:[8226],&quot;469777803&quot;:&quot;left&quot;,&quot;469777804&quot;:&quot;\uf0b7&quot;,&quot;469777815&quot;:&quot;hybridMultilevel&quot;}\" data-aria-posinset=\"3\" data-aria-level=\"1\"><strong>Param\u00e8tres personnalisables<\/strong>: Permet une personnalisation gr\u00e2ce \u00e0 des param\u00e8tres tels que les serveurs DHCP autoris\u00e9s et les champs de sortie.<\/li>\n<li data-leveltext=\"\uf0b7\" data-font=\"Symbol\" data-listid=\"1\" data-list-defn-props=\"{&quot;335552541&quot;:1,&quot;335559685&quot;:720,&quot;335559991&quot;:360,&quot;469769226&quot;:&quot;Symbol&quot;,&quot;469769242&quot;:[8226],&quot;469777803&quot;:&quot;left&quot;,&quot;469777804&quot;:&quot;\uf0b7&quot;,&quot;469777815&quot;:&quot;hybridMultilevel&quot;}\" data-aria-posinset=\"4\" data-aria-level=\"1\"><strong>Analyse ax\u00e9e sur les sous-r\u00e9seaux<\/strong>: L&rsquo;extraction et l&rsquo;analyse des sous-r\u00e9seaux garantissent une analyse cibl\u00e9e et efficace du r\u00e9seau.<\/li>\n<li data-leveltext=\"\uf0b7\" data-font=\"Symbol\" data-listid=\"1\" data-list-defn-props=\"{&quot;335552541&quot;:1,&quot;335559685&quot;:720,&quot;335559991&quot;:360,&quot;469769226&quot;:&quot;Symbol&quot;,&quot;469769242&quot;:[8226],&quot;469777803&quot;:&quot;left&quot;,&quot;469777804&quot;:&quot;\uf0b7&quot;,&quot;469777815&quot;:&quot;hybridMultilevel&quot;}\" data-aria-posinset=\"5\" data-aria-level=\"1\"><strong>Maintenance de la s\u00e9curit\u00e9 en temps r\u00e9el<\/strong>: Id\u00e9al pour les contr\u00f4les r\u00e9guliers du r\u00e9seau, permettant de maintenir la s\u00e9curit\u00e9 en temps r\u00e9el et l&rsquo;int\u00e9grit\u00e9 op\u00e9rationnelle.<\/li>\n<li data-leveltext=\"\uf0b7\" data-font=\"Symbol\" data-listid=\"1\" data-list-defn-props=\"{&quot;335552541&quot;:1,&quot;335559685&quot;:720,&quot;335559991&quot;:360,&quot;469769226&quot;:&quot;Symbol&quot;,&quot;469769242&quot;:[8226],&quot;469777803&quot;:&quot;left&quot;,&quot;469777804&quot;:&quot;\uf0b7&quot;,&quot;469777815&quot;:&quot;hybridMultilevel&quot;}\" data-aria-posinset=\"6\" data-aria-level=\"1\"><strong>Comparaison facile avec la liste autoris\u00e9e<\/strong>: Compare automatiquement les serveurs d\u00e9tect\u00e9s \u00e0 une liste pr\u00e9d\u00e9finie de serveurs DHCP autoris\u00e9s.<\/li>\n<li data-leveltext=\"\uf0b7\" data-font=\"Symbol\" data-listid=\"1\" data-list-defn-props=\"{&quot;335552541&quot;:1,&quot;335559685&quot;:720,&quot;335559991&quot;:360,&quot;469769226&quot;:&quot;Symbol&quot;,&quot;469769242&quot;:[8226],&quot;469777803&quot;:&quot;left&quot;,&quot;469777804&quot;:&quot;\uf0b7&quot;,&quot;469777815&quot;:&quot;hybridMultilevel&quot;}\" data-aria-posinset=\"7\" data-aria-level=\"1\"><strong>Production et rapports automatis\u00e9s<\/strong>: Les r\u00e9sultats sont pr\u00e9sent\u00e9s dans un format convivial et s&rsquo;int\u00e8grent \u00e0 des outils de gestion de r\u00e9seau tels que NinjaOne.<\/li>\n<li data-leveltext=\"\uf0b7\" data-font=\"Symbol\" data-listid=\"1\" data-list-defn-props=\"{&quot;335552541&quot;:1,&quot;335559685&quot;:720,&quot;335559991&quot;:360,&quot;469769226&quot;:&quot;Symbol&quot;,&quot;469769242&quot;:[8226],&quot;469777803&quot;:&quot;left&quot;,&quot;469777804&quot;:&quot;\uf0b7&quot;,&quot;469777815&quot;:&quot;hybridMultilevel&quot;}\" data-aria-posinset=\"8\" data-aria-level=\"1\"><strong>Gestion am\u00e9lior\u00e9e du r\u00e9seau<\/strong>: Rationalise la gestion du r\u00e9seau, en particulier pour les professionnels de l&rsquo;informatique et les MSP qui g\u00e8rent de grands r\u00e9seaux.<\/li>\n<li data-leveltext=\"\uf0b7\" data-font=\"Symbol\" data-listid=\"1\" data-list-defn-props=\"{&quot;335552541&quot;:1,&quot;335559685&quot;:720,&quot;335559991&quot;:360,&quot;469769226&quot;:&quot;Symbol&quot;,&quot;469769242&quot;:[8226],&quot;469777803&quot;:&quot;left&quot;,&quot;469777804&quot;:&quot;\uf0b7&quot;,&quot;469777815&quot;:&quot;hybridMultilevel&quot;}\" data-aria-posinset=\"9\" data-aria-level=\"1\">La<strong>minimisation des risques<\/strong>: R\u00e9duit consid\u00e9rablement le risque de probl\u00e8mes de r\u00e9seau et de failles de s\u00e9curit\u00e9 caus\u00e9s par des serveurs DHCP malveillants.<\/li>\n<li data-leveltext=\"\uf0b7\" data-font=\"Symbol\" data-listid=\"1\" data-list-defn-props=\"{&quot;335552541&quot;:1,&quot;335559685&quot;:720,&quot;335559991&quot;:360,&quot;469769226&quot;:&quot;Symbol&quot;,&quot;469769242&quot;:[8226],&quot;469777803&quot;:&quot;left&quot;,&quot;469777804&quot;:&quot;\uf0b7&quot;,&quot;469777815&quot;:&quot;hybridMultilevel&quot;}\" data-aria-posinset=\"10\" data-aria-level=\"1\"><strong>Droits d&rsquo;administration requis<\/strong>: Pour fonctionner efficacement, il faut disposer de privil\u00e8ges administratifs.<\/li>\n<\/ul>\n<p>Comprendre et g\u00e9rer la s\u00e9curit\u00e9 des r\u00e9seaux est la pierre angulaire de l&rsquo; <a href=\"https:\/\/www.ninjaone.com\/fr\/efficacite\">efficacit\u00e9 des op\u00e9rations informatiques<\/a>, en particulier dans l&rsquo;environnement interconnect\u00e9 d&rsquo;aujourd&rsquo;hui. L&rsquo;identification des serveurs DHCP malveillants, qui peuvent \u00eatre \u00e0 l&rsquo;origine de graves probl\u00e8mes de r\u00e9seau et de vuln\u00e9rabilit\u00e9s en mati\u00e8re de s\u00e9curit\u00e9, est une t\u00e2che essentielle pour les professionnels de l&rsquo;informatique et les <a href=\"https:\/\/www.ninjaone.com\/fr\/quest-ce-quun-msp\">fournisseurs de services g\u00e9r\u00e9s (Managed Service Providers &#8211; MSP)<\/a>. Cet article de blog se penche sur un script PowerShell con\u00e7u \u00e0 cette fin, en d\u00e9crivant sa fonctionnalit\u00e9 et son importance pour le maintien de l&rsquo;int\u00e9grit\u00e9 du r\u00e9seau.<\/p>\n<h2>Contexte<\/h2>\n<p>Les serveurs DHCP malveillants sont des serveurs DHCP non autoris\u00e9s sur un r\u00e9seau. Ils peuvent entra\u00eener toute une s\u00e9rie de probl\u00e8mes, depuis les conflits d&rsquo;adresses IP jusqu&rsquo;\u00e0 des risques de s\u00e9curit\u00e9 graves tels que les attaques de type \u00ab\u00a0man-in-the-middle\u00a0\u00bb. Ce script PowerShell automatise le processus de recherche de ces serveurs \u00e0 l&rsquo;aide de nmap, un outil d&rsquo;analyse de r\u00e9seau r\u00e9put\u00e9, am\u00e9liorant ainsi la s\u00e9curit\u00e9 du r\u00e9seau et l&rsquo;efficacit\u00e9 op\u00e9rationnelle. Il est particuli\u00e8rement utile pour les professionnels de l&rsquo;informatique et les MSP qui g\u00e8rent de grands r\u00e9seaux dynamiques pour lesquels la surveillance manuelle n&rsquo;est pas pratique.<\/p>\n<h2>Le script :<\/h2>\n<pre class=\"EnlighterJSRAW\" data-enlighter-language=\"powershell\">#Requires -Version 4.0\r\n\r\n&lt;#\r\n.SYNOPSIS\r\n    Runs an nmap scan to find rogue dhcp servers on a network. This script will not install nmap and nmap is required for this script to work.\r\n.DESCRIPTION\r\n    Runs an nmap scan to find rogue dhcp servers on a network. This script will not install nmap and nmap is required for this script to work.\r\n.EXAMPLE\r\n    (No Parameters)\r\n    \r\n    DHCP Servers found.\r\n\r\n    Mac Address       IP Address    \r\n    -----------       ----------    \r\n    00:15:5D:FF:93:C3 172.17.240.1  \r\n                      172.17.242.16 \r\n    00:15:5D:45:D5:07 172.17.251.231\r\n\r\n\r\n\r\n    Checking allowed servers list...\r\n    C:\\ProgramData\\NinjaRMMAgent\\scripting\\customscript_gen_14.ps1 : Rogue DHCP Server Found! 172.17.240.1 is not on the \r\n    list of allowed DHCP Servers.\r\n        + CategoryInfo          : NotSpecified: (:) [Write-Error], WriteErrorException\r\n        + FullyQualifiedErrorId : Microsoft.PowerShell.Commands.WriteErrorException,customscript_gen_14.ps1\r\n\r\nPARAMETER: -AllowedServers \"172.17.240.1\"\r\n    Lists 172.17.240.1 as an allowed dhcp server.\r\n\r\nPARAMETER: -CustomField \"ReplaceMeWithAnyMultilineCustomField\"\r\n    Output results to a custom field of your choice.\r\n\r\nPARAMETER: -AllowedServersField \"ReplaceMeWithAnyTextCustomField\"\r\n    Will retrieve a list of allowed servers from a custom field.\r\n    \r\n.OUTPUTS\r\n    None\r\n.NOTES\r\n    Minimum Supported OS: Windows 8, Server 2012\r\n    Release Notes: Initial Release\r\nBy using this script, you indicate your acceptance of the following legal terms as well as our Terms of Use at https:\/\/www.ninjaone.com\/terms-of-use.\r\n    Ownership Rights: NinjaOne owns and will continue to own all right, title, and interest in and to the script (including the copyright). NinjaOne is giving you a limited license to use the script in accordance with these legal terms. \r\n    Use Limitation: You may only use the script for your legitimate personal or internal business purposes, and you may not share the script with another party. \r\n    Republication Prohibition: Under no circumstances are you permitted to re-publish the script in any script library or website belonging to or under the control of any other software provider. \r\n    Warranty Disclaimer: The script is provided \u201cas is\u201d and \u201cas available\u201d, without warranty of any kind. NinjaOne makes no promise or guarantee that the script will be free from defects or that it will meet your specific needs or expectations. \r\n    Assumption of Risk: Your use of the script is at your own risk. You acknowledge that there are certain inherent risks in using the script, and you understand and assume each of those risks. \r\n    Waiver and Release: You will not hold NinjaOne responsible for any adverse or unintended consequences resulting from your use of the script, and you waive any legal or equitable rights or remedies you may have against NinjaOne relating to your use of the script. \r\n    EULA: If you are a NinjaOne customer, your use of the script is subject to the End User License Agreement applicable to you (EULA).\r\n#&gt;\r\n\r\n[CmdletBinding()]\r\nparam (\r\n    [Parameter()]\r\n    [String[]]$AllowedServers,\r\n    [Parameter()]\r\n    [String]$CustomField = \"rogueDHCPServers\",\r\n    [Parameter()]\r\n    [String]$AllowedServersField = \"allowedDHCPServers\"\r\n)\r\n\r\nbegin {\r\n\r\n    # If script variables are used set them here\r\n    if($env:allowedServersCustomField -and $env:allowedServersCustomField -notlike \"null\"){\r\n        $AllowedServersField = $env:allowedServersCustomField\r\n    }\r\n\r\n    if($AllowedServersField -and -not ($AllowedServers)){\r\n        $AllowedServers = (Ninja-Property-Get $AllowedServersField) -split ',' | ForEach-Object { ($_).trim() }\r\n    }\r\n\r\n    if($env:allowedServers -and $env:allowedServers -notlike \"null\"){\r\n        $AllowedServers = $env:AllowedServers -split ',' | ForEach-Object { ($_).trim() }\r\n    }\r\n\r\n    if($env:customFieldName -and $env:customFieldName -notlike \"null\"){\r\n        $CustomField = $env:customFieldName \r\n    }\r\n\r\n    # Parses out the subnet info into cidr format\r\n    function Get-Subnet {\r\n        $DefaultGateways = (Get-NetIPConfiguration).IPv4DefaultGateway\r\n\r\n        $Subnets = $DefaultGateways | ForEach-Object {\r\n            $Index = $_.ifIndex\r\n            $PrefixLength = (Get-NetIPAddress | Where-Object { $_.AddressFamily -eq 'IPv4' -and $_.PrefixOrigin -ne 'WellKnown' -and $Index -eq $_.InterfaceIndex } | Select-Object -ExpandProperty PrefixLength)\r\n            if ($_.NextHop -and $PrefixLength) {\r\n                \"$($_.NextHop)\/$PrefixLength\"\r\n            }\r\n        }\r\n\r\n        if ($Subnets) {\r\n            $Subnets | Select-Object -Unique\r\n        }\r\n    }\r\n\r\n    # Handy uninstall string finder\r\n    function Find-UninstallKey {\r\n        [CmdletBinding()]\r\n        param (\r\n            [Parameter(ValueFromPipeline = $True)]\r\n            [String]$DisplayName,\r\n            [Parameter()]\r\n            [Switch]$UninstallString\r\n        )\r\n        process {\r\n            $UninstallList = New-Object System.Collections.Generic.List[Object]\r\n\r\n            $Result = Get-ChildItem HKLM:\\Software\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\* | Get-ItemProperty | Where-Object { $_.DisplayName -like \"*$DisplayName*\" }\r\n            if ($Result) { $UninstallList.Add($Result) }\r\n\r\n            $Result = Get-ChildItem HKLM:\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\* | Get-ItemProperty | Where-Object { $_.DisplayName -like \"*$DisplayName*\" }\r\n            if ($Result) { $UninstallList.Add($Result) }\r\n\r\n            # Programs don't always have an uninstall string listed here so to account for that I made this optional.\r\n            if ($UninstallString) {\r\n                $UninstallList | Select-Object -ExpandProperty UninstallString -ErrorAction SilentlyContinue\r\n            }\r\n            else {\r\n                $UninstallList\r\n            }\r\n        }\r\n    }\r\n\r\n    $Nmap = (Find-UninstallKey -DisplayName \"Nmap\" -UninstallString) -replace '\"' -replace 'uninstall.exe', 'nmap.exe'\r\n    if (-not $Nmap) {\r\n        Write-Error \"Nmap is not installed! Please install nmap prior to running this script. https:\/\/nmap.org\/download.html\"\r\n        exit 1\r\n    }\r\n}\r\nprocess {\r\n\r\n    # Get's a list of subnets\r\n    $Subnets = Get-Subnet\r\n    if (-not $Subnets) {\r\n        Write-Error \"Unable to get list of subnets?\"\r\n        exit 1\r\n    }\r\n\r\n    # nmap arguments\r\n    $Arguments = @(\r\n        \"-sU\"\r\n        \"-p\"\r\n        \"67\"\r\n        \"-d\"\r\n        $Subnets\r\n        \"--open\"\r\n        \"-oX\"\r\n        \"$env:TEMP\\nmap-results.xml\"\r\n    )\r\n    try {\r\n        Start-Process -FilePath $Nmap -ArgumentList $Arguments -WindowStyle Hidden -Wait\r\n        [xml]$result = Get-Content -Path \"$env:Temp\\nmap-results.xml\"\r\n    }\r\n    catch {\r\n        Write-Error \"Nmap scan failed to run! Ensure nmap is installed prior to running this script.\"\r\n        exit 1\r\n    }\r\n\r\n    # Parse the xml results\r\n    if ($result) {\r\n        $resultObject = $result.DocumentElement.host | ForEach-Object {\r\n            New-Object psobject -Property @{\r\n                \"IP Address\"  = ($_.address | Where-Object { $_.addrtype -match \"ip\" } | Select-Object -ExpandProperty \"addr\")\r\n                \"Mac Address\" = ($_.address | Where-Object { $_.addrtype -match \"mac\" } | Select-Object -ExpandProperty \"addr\")\r\n            }\r\n        }\r\n    }\r\n    else {\r\n        Write-Error \"Nmap results are empty?\"\r\n        exit 1\r\n    }\r\n\r\n    # Check if the dhcp servers found are on the list. If so simply report back what were found otherwise indicate that they're Rogue DHCP Servers.\r\n    if ($resultObject) {\r\n        Write-Host \"DHCP Servers found.\"\r\n        $resultObject | Sort-Object -Property \"IP Address\" -Unique | Format-Table | Out-String | Write-Host\r\n        Remove-Item -Path \"$env:Temp\\nmap-results.xml\" -Force\r\n\r\n        Write-Host \"Checking allowed servers list...\"\r\n        $ErrorOut = $False\r\n        $resultObject | ForEach-Object {\r\n            if ($AllowedServers -notcontains $_.\"IP Address\") {\r\n                Write-Error \"Rogue DHCP Server Found! $($_.'IP Address') is not on the list of allowed DHCP Servers.\"\r\n                $ErrorOut = $True\r\n            }\r\n        }\r\n\r\n        Ninja-Property-Set -Name $CustomField -Value ($resultObject | Where-Object { $AllowedServers -notcontains $_.\"IP Address\" } | Format-List | Out-String)\r\n\r\n        if($ErrorOut -eq $True){\r\n            exit 1\r\n        }\r\n\r\n        Write-Host \"No rogue dhcp servers found.\"\r\n    }\r\n}\r\nend {\r\n    \r\n    \r\n    \r\n}<\/pre>\n<p>&nbsp;<\/p>\n\n<div class=\"in-context-cta\"><p>Acc\u00e9dez \u00e0 plus de 700 scripts dans le Dojo NinjaOne<\/p>\n<p><a href=\"https:\/\/www.ninjaone.com\/fr\/phase-de-test-gratuit\/\">Obtenir l&rsquo;acc\u00e8s<\/a><\/p>\n<\/div>\n<h2>Description d\u00e9taill\u00e9e<\/h2>\n<p>Le script fonctionne en plusieurs \u00e9tapes :<\/p>\n<ul>\n<li data-leveltext=\"\uf0b7\" data-font=\"Symbol\" data-listid=\"1\" data-list-defn-props=\"{&quot;335552541&quot;:1,&quot;335559685&quot;:720,&quot;335559991&quot;:360,&quot;469769226&quot;:&quot;Symbol&quot;,&quot;469769242&quot;:[8226],&quot;469777803&quot;:&quot;left&quot;,&quot;469777804&quot;:&quot;\uf0b7&quot;,&quot;469777815&quot;:&quot;hybridMultilevel&quot;}\" data-aria-posinset=\"1\" data-aria-level=\"1\"><strong>Initialisation<\/strong>\u00a0: Il commence par d\u00e9finir des param\u00e8tres tels que les serveurs DHCP autoris\u00e9s et les champs personnalis\u00e9s pour la sortie, ce qui permet une personnalisation en fonction d&rsquo;environnements r\u00e9seau sp\u00e9cifiques.<\/li>\n<li data-leveltext=\"\uf0b7\" data-font=\"Symbol\" data-listid=\"1\" data-list-defn-props=\"{&quot;335552541&quot;:1,&quot;335559685&quot;:720,&quot;335559991&quot;:360,&quot;469769226&quot;:&quot;Symbol&quot;,&quot;469769242&quot;:[8226],&quot;469777803&quot;:&quot;left&quot;,&quot;469777804&quot;:&quot;\uf0b7&quot;,&quot;469777815&quot;:&quot;hybridMultilevel&quot;}\" data-aria-posinset=\"2\" data-aria-level=\"1\"><strong>Identification du sous-r\u00e9seau<\/strong>: Il utilise une fonction permettant d&rsquo;extraire du r\u00e9seau des informations sur les sous-r\u00e9seaux, essentielles pour cibler l&rsquo;analyse.<\/li>\n<li data-leveltext=\"\uf0b7\" data-font=\"Symbol\" data-listid=\"1\" data-list-defn-props=\"{&quot;335552541&quot;:1,&quot;335559685&quot;:720,&quot;335559991&quot;:360,&quot;469769226&quot;:&quot;Symbol&quot;,&quot;469769242&quot;:[8226],&quot;469777803&quot;:&quot;left&quot;,&quot;469777804&quot;:&quot;\uf0b7&quot;,&quot;469777815&quot;:&quot;hybridMultilevel&quot;}\" data-aria-posinset=\"3\" data-aria-level=\"1\"><strong>Int\u00e9gration Nmap<\/strong>: Le script v\u00e9rifie l&rsquo;installation de nmap, qui est essentiel pour l&rsquo;analyse. Il ex\u00e9cute ensuite un scan nmap sur les sous-r\u00e9seaux identifi\u00e9s, \u00e0 la recherche de serveurs DHCP actifs.<\/li>\n<li data-leveltext=\"\uf0b7\" data-font=\"Symbol\" data-listid=\"1\" data-list-defn-props=\"{&quot;335552541&quot;:1,&quot;335559685&quot;:720,&quot;335559991&quot;:360,&quot;469769226&quot;:&quot;Symbol&quot;,&quot;469769242&quot;:[8226],&quot;469777803&quot;:&quot;left&quot;,&quot;469777804&quot;:&quot;\uf0b7&quot;,&quot;469777815&quot;:&quot;hybridMultilevel&quot;}\" data-aria-posinset=\"4\" data-aria-level=\"1\"><strong>Analyse du r\u00e9sultat<\/strong>: Apr\u00e8s l&rsquo;analyse, le script analyse la sortie XML de nmap, en extrayant les adresses IP et MAC des serveurs DHCP trouv\u00e9s.<\/li>\n<li data-leveltext=\"\uf0b7\" data-font=\"Symbol\" data-listid=\"1\" data-list-defn-props=\"{&quot;335552541&quot;:1,&quot;335559685&quot;:720,&quot;335559991&quot;:360,&quot;469769226&quot;:&quot;Symbol&quot;,&quot;469769242&quot;:[8226],&quot;469777803&quot;:&quot;left&quot;,&quot;469777804&quot;:&quot;\uf0b7&quot;,&quot;469777815&quot;:&quot;hybridMultilevel&quot;}\" data-aria-posinset=\"5\" data-aria-level=\"1\"><strong>Validation par rapport \u00e0 la liste autoris\u00e9e<\/strong>: Il compare les serveurs DHCP trouv\u00e9s \u00e0 une liste de serveurs autoris\u00e9s et signale les serveurs non autoris\u00e9s (malveillants).<\/li>\n<li data-leveltext=\"\uf0b7\" data-font=\"Symbol\" data-listid=\"1\" data-list-defn-props=\"{&quot;335552541&quot;:1,&quot;335559685&quot;:720,&quot;335559991&quot;:360,&quot;469769226&quot;:&quot;Symbol&quot;,&quot;469769242&quot;:[8226],&quot;469777803&quot;:&quot;left&quot;,&quot;469777804&quot;:&quot;\uf0b7&quot;,&quot;469777815&quot;:&quot;hybridMultilevel&quot;}\" data-aria-posinset=\"6\" data-aria-level=\"1\"><strong>Sortie et nettoyage<\/strong>: Les r\u00e9sultats sont ensuite affich\u00e9s et les fichiers temporaires cr\u00e9\u00e9s par le script sont nettoy\u00e9s.<\/li>\n<\/ul>\n<p>Un diagramme visuel accompagnant cette explication pourrait illustrer le flux de l&rsquo;initialisation \u00e0 la sortie du r\u00e9sultat, am\u00e9liorant ainsi la compr\u00e9hension.<\/p>\n<h2>Cas d&rsquo;utilisation potentiels<\/h2>\n<p>Prenons l&rsquo;exemple d&rsquo;une grande entreprise disposant de plusieurs sous-r\u00e9seaux g\u00e9r\u00e9s par un service informatique. Ce script peut \u00eatre programm\u00e9 pour \u00eatre ex\u00e9cut\u00e9 p\u00e9riodiquement, afin de garantir qu&rsquo;aucun serveur DHCP non autoris\u00e9 n&rsquo;apparaisse sur le r\u00e9seau, ce qui permet de maintenir l&rsquo;int\u00e9grit\u00e9 du r\u00e9seau et de pr\u00e9venir les failles de s\u00e9curit\u00e9 potentielles.<\/p>\n<h2>Comparaisons<\/h2>\n<p>Les v\u00e9rifications manuelles ou les outils de surveillance de base du r\u00e9seau peuvent ne pas d\u00e9tecter les serveurs DHCP malveillants ou n\u00e9cessiter une main-d&rsquo;\u0153uvre importante. En revanche, ce script automatise le processus, est plus complet et s&rsquo;int\u00e8gre \u00e0 des outils existants tels que NinjaOne pour am\u00e9liorer les capacit\u00e9s de gestion.<\/p>\n<h2>FAQ<\/h2>\n<ul>\n<li data-leveltext=\"\uf0b7\" data-font=\"Symbol\" data-listid=\"1\" data-list-defn-props=\"{&quot;335552541&quot;:1,&quot;335559685&quot;:720,&quot;335559991&quot;:360,&quot;469769226&quot;:&quot;Symbol&quot;,&quot;469769242&quot;:[8226],&quot;469777803&quot;:&quot;left&quot;,&quot;469777804&quot;:&quot;\uf0b7&quot;,&quot;469777815&quot;:&quot;hybridMultilevel&quot;}\" data-aria-posinset=\"1\" data-aria-level=\"1\"><strong>\u00c0 quelle fr\u00e9quence dois-je ex\u00e9cuter ce script ?<\/strong>\n<ul>\n<li data-leveltext=\"\uf0b7\" data-font=\"Symbol\" data-listid=\"1\" data-list-defn-props=\"{&quot;335552541&quot;:1,&quot;335559685&quot;:720,&quot;335559991&quot;:360,&quot;469769226&quot;:&quot;Symbol&quot;,&quot;469769242&quot;:[8226],&quot;469777803&quot;:&quot;left&quot;,&quot;469777804&quot;:&quot;\uf0b7&quot;,&quot;469777815&quot;:&quot;hybridMultilevel&quot;}\" data-aria-posinset=\"1\" data-aria-level=\"1\">Il est recommand\u00e9 de proc\u00e9der \u00e0 une ex\u00e9cution r\u00e9guli\u00e8re, par exemple une fois par semaine ou apr\u00e8s toute modification importante du r\u00e9seau.<\/li>\n<\/ul>\n<\/li>\n<li data-leveltext=\"\uf0b7\" data-font=\"Symbol\" data-listid=\"1\" data-list-defn-props=\"{&quot;335552541&quot;:1,&quot;335559685&quot;:720,&quot;335559991&quot;:360,&quot;469769226&quot;:&quot;Symbol&quot;,&quot;469769242&quot;:[8226],&quot;469777803&quot;:&quot;left&quot;,&quot;469777804&quot;:&quot;\uf0b7&quot;,&quot;469777815&quot;:&quot;hybridMultilevel&quot;}\" data-aria-posinset=\"2\" data-aria-level=\"1\"><strong>Ai-je besoin d&rsquo;autorisations sp\u00e9ciales pour ex\u00e9cuter ce script\u00a0?<\/strong>\n<ul>\n<li data-leveltext=\"\uf0b7\" data-font=\"Symbol\" data-listid=\"1\" data-list-defn-props=\"{&quot;335552541&quot;:1,&quot;335559685&quot;:720,&quot;335559991&quot;:360,&quot;469769226&quot;:&quot;Symbol&quot;,&quot;469769242&quot;:[8226],&quot;469777803&quot;:&quot;left&quot;,&quot;469777804&quot;:&quot;\uf0b7&quot;,&quot;469777815&quot;:&quot;hybridMultilevel&quot;}\" data-aria-posinset=\"2\" data-aria-level=\"1\">Oui, des droits d&rsquo;administration sont g\u00e9n\u00e9ralement requis pour l&rsquo;analyse du r\u00e9seau.<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<h2>Implications<\/h2>\n<p>Les serveurs DHCP malveillants non identifi\u00e9s peuvent entra\u00eener des risques importants pour la s\u00e9curit\u00e9. L&rsquo;automatisation de leur d\u00e9tection minimise ces risques, contribuant ainsi \u00e0 la s\u00e9curit\u00e9 globale du r\u00e9seau et \u00e0 l&rsquo;efficacit\u00e9 op\u00e9rationnelle.<\/p>\n<h2>Recommandations<\/h2>\n<ul>\n<li data-leveltext=\"\uf0b7\" data-font=\"Symbol\" data-listid=\"1\" data-list-defn-props=\"{&quot;335552541&quot;:1,&quot;335559685&quot;:720,&quot;335559991&quot;:360,&quot;469769226&quot;:&quot;Symbol&quot;,&quot;469769242&quot;:[8226],&quot;469777803&quot;:&quot;left&quot;,&quot;469777804&quot;:&quot;\uf0b7&quot;,&quot;469777815&quot;:&quot;hybridMultilevel&quot;}\" data-aria-posinset=\"3\" data-aria-level=\"1\">Mettez r\u00e9guli\u00e8rement \u00e0 jour la liste des serveurs DHCP autoris\u00e9s.<\/li>\n<li data-leveltext=\"\uf0b7\" data-font=\"Symbol\" data-listid=\"1\" data-list-defn-props=\"{&quot;335552541&quot;:1,&quot;335559685&quot;:720,&quot;335559991&quot;:360,&quot;469769226&quot;:&quot;Symbol&quot;,&quot;469769242&quot;:[8226],&quot;469777803&quot;:&quot;left&quot;,&quot;469777804&quot;:&quot;\uf0b7&quot;,&quot;469777815&quot;:&quot;hybridMultilevel&quot;}\" data-aria-posinset=\"4\" data-aria-level=\"1\">Int\u00e9grez ce script \u00e0 des outils plus larges de surveillance et de gestion du r\u00e9seau.<\/li>\n<li data-leveltext=\"\uf0b7\" data-font=\"Symbol\" data-listid=\"1\" data-list-defn-props=\"{&quot;335552541&quot;:1,&quot;335559685&quot;:720,&quot;335559991&quot;:360,&quot;469769226&quot;:&quot;Symbol&quot;,&quot;469769242&quot;:[8226],&quot;469777803&quot;:&quot;left&quot;,&quot;469777804&quot;:&quot;\uf0b7&quot;,&quot;469777815&quot;:&quot;hybridMultilevel&quot;}\" data-aria-posinset=\"5\" data-aria-level=\"1\">Assurez-vous que nmap est correctement install\u00e9 et mis \u00e0 jour.<\/li>\n<\/ul>\n<h2>Conclusion :<\/h2>\n<p>Dans le domaine de la s\u00e9curit\u00e9 et de la gestion des r\u00e9seaux, des outils comme NinjaOne, compl\u00e9t\u00e9s par des scripts comme celui-ci, offrent des solutions solides pour <a href=\"https:\/\/www.ninjaone.com\/fr\/rmm\/securite-des-terminaux-endpoints-endpoints\/\">maintenir l&rsquo;int\u00e9grit\u00e9 du r\u00e9seau<\/a>. En <a href=\"https:\/\/www.ninjaone.com\/fr\/script-hub\">automatisant les t\u00e2ches critiques<\/a>, telles que la recherche de serveurs DHCP malveillants, NinjaOne aide les professionnels de l&rsquo;informatique \u00e0 se concentrer sur des initiatives strat\u00e9giques tout en garantissant la s\u00e9curit\u00e9 et la fiabilit\u00e9 de leurs r\u00e9seaux.<\/p>\n","protected":false},"author":35,"featured_media":0,"parent":0,"menu_order":0,"comment_status":"closed","ping_status":"closed","template":"","meta":{"_acf_changed":false,"_relevanssi_hide_post":"","_relevanssi_hide_content":"","_relevanssi_pin_for_all":"","_relevanssi_pin_keywords":"","_relevanssi_unpin_keywords":"","_relevanssi_related_keywords":"","_relevanssi_related_include_ids":"","_relevanssi_related_exclude_ids":"","_relevanssi_related_no_append":"","_relevanssi_related_not_related":"","_relevanssi_related_posts":"","_relevanssi_noindex_reason":"","_lmt_disableupdate":"no","_lmt_disable":""},"operating_system":[4212],"use_cases":[4286],"class_list":["post-248294","script_hub","type-script_hub","status-publish","hentry","script_hub_category-windows"],"acf":[],"_links":{"self":[{"href":"https:\/\/www.ninjaone.com\/fr\/wp-json\/wp\/v2\/script_hub\/248294","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.ninjaone.com\/fr\/wp-json\/wp\/v2\/script_hub"}],"about":[{"href":"https:\/\/www.ninjaone.com\/fr\/wp-json\/wp\/v2\/types\/script_hub"}],"author":[{"embeddable":true,"href":"https:\/\/www.ninjaone.com\/fr\/wp-json\/wp\/v2\/users\/35"}],"replies":[{"embeddable":true,"href":"https:\/\/www.ninjaone.com\/fr\/wp-json\/wp\/v2\/comments?post=248294"}],"wp:attachment":[{"href":"https:\/\/www.ninjaone.com\/fr\/wp-json\/wp\/v2\/media?parent=248294"}],"wp:term":[{"taxonomy":"script_hub_category","embeddable":true,"href":"https:\/\/www.ninjaone.com\/fr\/wp-json\/wp\/v2\/operating_system?post=248294"},{"taxonomy":"use_cases","embeddable":true,"href":"https:\/\/www.ninjaone.com\/fr\/wp-json\/wp\/v2\/use_cases?post=248294"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}