Wierd DHCPINFORM log messages
Charles Steinkuehler
cstein at newtek.com
Thu Mar 16 17:41:59 UTC 2006
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
I'm running the ISC dhcp server from Debian stable (sarge), and am
getting the following odd log messages from the DHCP server:
Mar 16 09:38:51 furious dhcpd: DHCPINFORM from 4.0.0.0 via eth4: unknown
subnet 0.0.0.0
There are no other interesting log entries nearby, so I fired up tcpdump
to listen to dhcp traffic until I caught some of the offending packets
(example below). Of particular interest (to my limited DHCPINFORM
understanding) are the embedded strings:
Macromedia Flash Proxy Auto-Discovery
uri=rtmp://fcs.doubleclick.net:80/ondemand5
Google searches have turned up a few others reporting seeing the same
log message, but no good hits on either of the embedded content strings.
Anyone got an idea what spews these packets, and/or why the dhcp server
is barfing on them?
Full packet capture follows:
<tcpdump>
23:58:38.532317 IP (tos 0x0, ttl 128, id 29869, offset 0, flags [none],
length: 397) 10.28.18.100.4048 > 255.255.255.255.67: [udp sum ok]
BOOTP/DHCP, Request, length: 369, htype-#0, hlen:0,
xid:0x6e665d77, flags: [none] (0x0000)
Vendor-rfc1048:
VO:116.97.103.61.102.112.97.100.114.101.113.59.116.105.109.101.115.116.97.109.112.61.57.53.56.48.55.52.55.56.54.59.122.111.110.101.61.48.59.117.114.105.61.114.116.109.112.58.47.4
7.102.99.115.46.100.111.117.98.108.101.99.108.105.99.107.46.110.101.116.58.56.48.47.111.110.100.101.109.97.110.100
DHCP:INFORM
PR:VO
VC:"Macromedia Flash Proxy Auto-Discovery"
0x0000: ffff ffff ffff 00e0 295a f60f 0800 4500 ........)Z....E.
0x0010: 018d 74ad 0000 8011 a833 0a1c 1264 ffff ..t......3...d..
0x0020: ffff 0fd0 0043 0179 8c50 0100 0000 6e66 .....C.y.P....nf
0x0030: 5d77 0000 0000 0000 0000 0000 0000 0000 ]w..............
0x0040: 0000 0000 0000 0000 0000 0000 0000 0000 ................
0x0050: 0000 0000 0000 0000 0000 0000 0000 0000 ................
0x0060: 0000 0000 0000 0000 0000 0000 0000 0000 ................
0x0070: 0000 0000 0000 0000 0000 0000 0000 0000 ................
0x0080: 0000 0000 0000 0000 0000 0000 0000 0000 ................
0x0090: 0000 0000 0000 0000 0000 0000 0000 0000 ................
0x00a0: 0000 0000 0000 0000 0000 0000 0000 0000 ................
0x00b0: 0000 0000 0000 0000 0000 0000 0000 0000 ................
0x00c0: 0000 0000 0000 0000 0000 0000 0000 0000 ................
0x00d0: 0000 0000 0000 0000 0000 0000 0000 0000 ................
0x00e0: 0000 0000 0000 0000 0000 0000 0000 0000 ................
0x00f0: 0000 0000 0000 0000 0000 0000 0000 0000 ................
0x0100: 0000 0000 0000 0000 0000 0000 0000 0000 ................
0x0110: 0000 0000 0000 6382 5363 2b51 7461 673d ......c.Sc+Qtag=
0x0120: 6670 6164 7265 713b 7469 6d65 7374 616d fpadreq;timestam
0x0130: 703d 3935 3830 3734 3738 363b 7a6f 6e65 p=958074786;zone
0x0140: 3d30 3b75 7269 3d72 746d 703a 2f2f 6663 =0;uri=rtmp://fc
0x0150: 732e 646f 7562 6c65 636c 6963 6b2e 6e65 s.doubleclick.ne
0x0160: 743a 3830 2f6f 6e64 656d 616e 6435 0108 t:80/ondemand5..
0x0170: 3701 2b3c 254d 6163 726f 6d65 6469 6120 7.+<%Macromedia.
0x0180: 466c 6173 6820 5072 6f78 7920 4175 746f Flash.Proxy.Auto
0x0190: 2d44 6973 636f 7665 7279 ff -Discovery.
</tcpdump>
- --
Charles Steinkuehler
cstein at newtek.com
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (MingW32)
iD8DBQFEGaNnenk4xp+mH40RAuyaAJwLRMeukh+4OmMd5DtatYA3iVMEngCePLBP
0xv1/pXKDdJWPEuSxZDKHN0=
=FYdl
-----END PGP SIGNATURE-----
More information about the dhcp-users
mailing list