DISCOVERs from "unknown network segment" - suppress log messages?

Simon dhcp1 at thehobsons.co.uk
Mon Nov 28 22:08:13 UTC 2022


Christina Siegenthaler <tina at ieu.uzh.ch> wrote:

> Especially since at the moment only a few buildings have been „upgraded“ (if you can call it that) to the new hardware. It’s going to be real fun when the rest follows and I get DHCP requests from all over the university…

Ooh, that does sound like fun ... not :-(

> (Sorry for the rant)

We all have to let off steam from time to time

>> As you say, simplest to just firewall the packets and ignore it.
> 
> Tried that today, unfortunately to no avail. macOS has pf installed, but obviously pf does not / cannot block DHCP packets or the other way round, dhcpd grabs the DISCOVERs before pf rules come into effect.

You will have to compile it yourself, but there’s a config option to not use raw packets. The downside is that if you turn that off, it can’t handle local clients - only relayed ones.



Sten Carlsen <stenc at s-carlsen.dk> wrote:

> Also I would look at the authoritative statement to not send DHCPNAKs to everybody else (or maybe do it to underline the situation).

Funnily enough, I was thinking something along the same lines - though I was thinking more along the lines of offering bad config information. Downside being that it probably wouldn’t enhance one’s career :-( Perhaps even target the machines used by those who made the “upgrade” decision - though in practice it (probably/possibly) wouldn’t work.
Assuming most management are using Windows, that’s very “sticky” about DHCP. The Windows DHCP server is not RFC compliant, but that’s fixed with client behaviour for Windows machines. You can have a rogue DHCP server on the network for days/weeks/months and it’ll have no effect - then when the Windows server handling the network fails for some reason, the network breaks and no-one can remember using a redundant ADSL router as a switch (and forgetting to turn off its DHCP server). I think you can guess how I know that little nugget of experience ;-)



Sten Carlsen <stenc at s-carlsen.dk> wrote:

> I come to think of an earlier thread where some printers were described that would only accept a lease of more than IIRC one year - this could be one of those.

I had that, back in the late 90s/early 00s I think. It was a Minolta copier (early days of digital copiers) which would not take an address by DHCP and I had to manually configure it. I later found out that it would refuse anything shorter than 2 years - for what reason one can only speculate, or perhaps the people imposing that restriction had been smoking something “special”.


Simon


