I need to create one UDS to detect and to block DHCP unauthorized in my LAN, someone has been created a UDS to detect DHCP Response and to define to exclude my Authorized DHCP? Some Ideas?
I can't think of a quick way to do that off the top of my head, but I'll recommend that you check out the Custom Attack Definitions guide to see if it is possible:
If you have a rogue DHCP server on your network you would be better off to find and remove it than trying to block it.
I know that, but i need to be alerted at the moment if someone puts any rogue dhcp, im thinking in create one UDS signature to capture botstrap response and to exclude my legitimate dhcp servers, im researching how to make that in a uds.
You can configure DHCP snooping on cisco switch to block rogue DHCP Server. You can configure interface connected to your DHCP Server as trust, so all the DHCP Offer messages from Rogue DHCP Server will be drop(because it received on untrusted Interface)