does isc dhcp 4.2.3 support blocking client which send many

Martin McCormick martin at dc.cis.okstate.edu
Wed Mar 7 15:39:37 UTC 2012


Randall C Grimshaw writes:
> just a quick shout out... try ignore-client

	That might work, but then you may need to go back in and
remove that MAC address after this fellow/girl sees the error of
their ways and fixes whatever was causing the continuous
hammering of the server. I have seen some of the really powerful
client systems truly make a mess of things when they are not happy and
put literally millions of lines into the log in the space of 6
or 8 hours. A good mechanism for controlling insane systems
might be to read time intervals between each MAC address contact
and start ignoring anybody who has contacted DHCPD more than X
number of times in X number of seconds. The timeout period for
this MAC would be some other variable of X number of seconds.

	Systems that were working normally would not trigger the
time-outs because they would be set to values that aren't ever
reached by properly-working systems.

	It's generally pretty obvious when looking at the log
who is working normally and who is broken. The broken system is 
usually the one who has been sending DHCPDISCOVERS every second
or is re-registering for the same address for the 2-millionth
time since midnight.

	Even mobile wireless clients moving through the network
don't do that.

	If you rank the number of times a MAC address has
contacted dhcpd in a day, the insane systems positively bury the
good ones.

Martin McCormick
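
The per-MAC rate check and daily ranking described in the message above can be tried offline against a dhcpd log. This is an added example, not part of the original post and not ISC DHCP code; the thresholds, the syslog line layout, the supplied year and the sample lines are assumptions.

```python
import re
from collections import Counter, defaultdict, deque
from datetime import datetime, timedelta

# Client messages as dhcpd writes them to syslog (layout assumed), e.g.
#   "... dhcpd: DHCPDISCOVER from 00:11:22:33:44:55 via eth0"
#   "... dhcpd: DHCPREQUEST for 10.0.0.5 from 66:77:88:99:aa:bb via eth0"
LINE = re.compile(
    r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ dhcpd(?:\[\d+\])?: "
    r"DHCP(?:DISCOVER|REQUEST)\b.*? from ((?:[0-9a-f]{2}:){5}[0-9a-f]{2})\b",
    re.I)

def analyze(lines, max_contacts=5, window=10, timeout=300, year=2012):
    """Return (contacts per MAC, {mac: [moments the rate limit tripped]}).

    A MAC trips when it makes more than max_contacts contacts within
    window seconds; it is then treated as ignored for timeout seconds.
    Syslog timestamps carry no year, so one is supplied (assumption).
    """
    totals = Counter()
    recent = defaultdict(deque)        # mac -> contact times inside the window
    ignored_until = {}                 # mac -> end of its current timeout
    tripped = defaultdict(list)
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue                   # server replies and other lines
        ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
        mac = m.group(2).lower()
        totals[mac] += 1               # the daily ranking counts every contact
        if ts < ignored_until.get(mac, datetime.min):
            continue                   # still in timeout: would be ignored
        seen = recent[mac]
        seen.append(ts)
        while seen and (ts - seen[0]).total_seconds() >= window:
            seen.popleft()
        if len(seen) > max_contacts:
            tripped[mac].append(ts)
            ignored_until[mac] = ts + timedelta(seconds=timeout)
            seen.clear()
    return totals, dict(tripped)

# Constructed sample: one client sending a DISCOVER every second, one normal.
SAMPLE = [f"Mar  7 09:00:{s:02d} dhcp1 dhcpd: DHCPDISCOVER from 00:11:22:33:44:55 via eth0"
          for s in range(20)]
SAMPLE += ["Mar  7 09:00:30 dhcp1 dhcpd: DHCPDISCOVER from 66:77:88:99:aa:bb via eth0",
           "Mar  7 09:00:31 dhcp1 dhcpd: DHCPREQUEST for 10.0.0.5 from 66:77:88:99:aa:bb via eth0"]

if __name__ == "__main__":
    totals, tripped = analyze(SAMPLE)
    for mac, n in totals.most_common():
        print(f"{n:6d}  {mac}  {'TRIPPED' if mac in tripped else 'ok'}")
```

On the sample, the noisy MAC tops the ranking with 20 contacts and trips the limit once, at its sixth contact; the normal client never trips.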

