Is there any protection mechanism for a spamming dhcp client?
Glenn Satchell
glenn.satchell at uniq.com.au
Thu Feb 3 10:39:25 UTC 2011
On 02/03/11 20:56, Nicolas Ecarnot wrote:
> On 03/02/2011 10:41, Jürgen Dietl wrote:
>> Hello,
>>
>> I am new to this mailing list. So I see a big "Hello World" and I hope
>> to meet interesting people here.
>>
>> I have the following question:
>>
>> I am running ISC DHCP and BIND latest Version and I have a printer that
>> even if it owns an IP-Address it makes thousands of DHCP-Requests per
>> second. Till somebody powered off the printer the dhcp server got
>> 590.000 dhcp requests. Of course the pool was empty. I know I can
>> prevent such things with enabling dhcp snooping on network equipment but
>> is there any mechanism that I can do some protection on the server. For
>> example if the server would notice that it is always the same client
>> that asked for an address it should say NO and ignore the client, or put
>> him in a database to refuse any action etc. Is there a way to implement
>> this? Is there any mechanism?
>
> No answer from me, but I second the question, as I'm experiencing the
> same issue (except the OMG-rate you're undergoing): on a very small
> bunch of hosts, either they work well in DHCP mode but still request too
> frequently an IP, or some STATIC-IP setup hosts are even asking DHCP
> lease... It's a mad world...
>
There's no rate limiting built into the dhcp server, but I think that is
possible with iptables.
In dhcpd.conf you can block a client by using "deny booting;" or "ignore
booting;", for example:

    class "badguys" {
        match hardware;
        ignore booting;
    }
    subclass "badguys" 1:00:01:02:03:04:05;

or

    host "bad1" {
        hardware ethernet 00:01:02:03:04:05;
        ignore booting;
    }

The difference between deny and ignore is that deny logs a message,
ignore is silent. In your case I think you want ignore :)
--
regards,
-glenn
--
Glenn Satchell | Miss 9: What do you
Uniq Advances Pty Ltd, Sydney Australia | do at work Dad?
mailto:glenn.satchell at uniq.com.au | Miss 6: He just
http://www.uniq.com.au tel:0409-458-580 | types random stuff.
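
Added example, not part of the original message: one way to find the clients worth putting in the "badguys" class is to count DHCPDISCOVER/DHCPREQUEST lines per MAC address in the dhcpd syslog output and emit the matching subclass statements. The log line layout, the threshold of 20 requests per 10 seconds, and the function names are assumptions for illustration; the sample log is constructed.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed dhcpd syslog layout (adjust the pattern to your syslog format):
#   "Feb  3 10:39:25 srv dhcpd: DHCPREQUEST for 10.0.0.5 from 00:01:02:03:04:05 via eth0"
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s[\d:]{8})\s.*dhcpd(?:\[\d+\])?:\s"
    r"DHCP(?:DISCOVER|REQUEST)\b.*?\sfrom\s(?P<mac>(?:[0-9a-f]{2}:){5}[0-9a-f]{2})\b",
    re.IGNORECASE,
)

def find_noisy_clients(lines, max_requests=20, window=timedelta(seconds=10), year=2011):
    """Return the MACs that sent more than max_requests DISCOVER/REQUEST
    messages inside any sliding window of the given length."""
    recent = defaultdict(deque)  # mac -> timestamps still inside the window
    noisy = set()
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # not a DISCOVER/REQUEST line, or an unexpected layout
        # Syslog timestamps carry no year, so one is supplied by the caller.
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        q = recent[m["mac"].lower()]
        q.append(ts)
        while ts - q[0] > window:  # drop entries that fell out of the window
            q.popleft()
        if len(q) > max_requests:
            noisy.add(m["mac"].lower())
    return noisy

def subclass_lines(macs, class_name="badguys"):
    """Render dhcpd.conf subclass entries; the leading 1 is the Ethernet hardware type."""
    return [f'subclass "{class_name}" 1:{mac};' for mac in sorted(macs)]

def sample_log():
    """Constructed log: one client sends 30 requests within 3 seconds, another sends 2."""
    lines = [f"Feb  3 10:39:{i // 10:02d} srv dhcpd: DHCPREQUEST for 10.0.0.5 "
             f"from 00:01:02:03:04:05 via eth0" for i in range(30)]
    lines.append("Feb  3 10:39:01 srv dhcpd: DHCPDISCOVER from 00:aa:bb:cc:dd:ee via eth0")
    lines.append("Feb  3 10:39:09 srv dhcpd: DHCPREQUEST for 10.0.0.9 (10.0.0.1) "
                 "from 00:aa:bb:cc:dd:ee (laptop) via eth0")
    return lines

if __name__ == "__main__":
    print("\n".join(subclass_lines(find_noisy_clients(sample_log()))))
```

The printed lines can be reviewed and then placed next to the class "badguys" declaration shown in the message above.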