DHCPREQUEST flooding

José Queiroz zekkerj at gmail.com
Thu May 5 16:11:25 UTC 2016


Hi Alex,

2016-05-05 12:57 GMT-03:00 Alex Moen <alexm at ndtel.com>:

> On 05/05/2016 09:51 AM, Patrick Trapp wrote:
>
>> Do the 300-ish devices share anything in particular in their
>> configurations? Is the configuration you shared pertinent to some of your
>> culprits?
>>
>
> Good question, and one that I did not fully address in my original config.
> We're talking ISP customers here, in an aging, rural population. I am
> certain that 99% of these devices are factory config (and probably have
> never been updated) with the only change being a non-factory SSID and
> possibly WPA config (although many don't want a password on their
> wireless). As I did say, there are multiple generations of routers out
> there (Linksys, Cisco, Cisco-Linksys, Belkin), so that doesn't seem to
> indicate a particular model or firmware to target.
>

Can you confirm if this behaviour is not related to PC devices? Those
devices could be infected by some malware.
You can see this by looking at the OUI part of the MAC addresses in the
requests.
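
The OUI check suggested in the message above, as an added example that is not part of the original post: it counts DHCPREQUEST lines per OUI (the first three octets of the client MAC) so that router vendors can be told apart from PC network adapters. It assumes the usual ISC dhcpd syslog line format; the log lines, MAC addresses and function names are constructed for illustration.

```python
import re
from collections import Counter

# Assumed ISC dhcpd syslog form:
#   DHCPREQUEST for <ip> [(<server>)] from <mac> [(<hostname>)] via <interface>
REQ_RE = re.compile(
    r"DHCPREQUEST for \S+(?: \(\S+\))? from ((?:[0-9a-f]{2}:){5}[0-9a-f]{2})",
    re.IGNORECASE,
)

# Constructed sample log (documentation IP range, made-up MAC addresses).
SAMPLE_LOG = """\
May  5 09:00:01 dhcp1 dhcpd: DHCPREQUEST for 192.0.2.10 from 00:00:5e:00:53:01 via eth1
May  5 09:00:01 dhcp1 dhcpd: DHCPACK on 192.0.2.10 to 00:00:5e:00:53:01 via eth1
May  5 09:00:02 dhcp1 dhcpd: DHCPREQUEST for 192.0.2.10 from 00:00:5e:00:53:01 via eth1
May  5 09:00:03 dhcp1 dhcpd: DHCPREQUEST for 192.0.2.10 from 00:00:5E:00:53:01 via eth1
May  5 09:00:04 dhcp1 dhcpd: DHCPREQUEST for 192.0.2.11 from 00:00:5e:00:53:02 via eth1
May  5 09:00:05 dhcp1 dhcpd: DHCPREQUEST for 192.0.2.11 from 00:00:5e:00:53:02 via eth1
May  5 09:00:06 dhcp1 dhcpd: DHCPREQUEST for 192.0.2.12 (192.0.2.1) from 02:ab:cd:00:00:01 (laptop) via eth1
May  5 09:00:07 dhcp1 dhcpd: DHCPREQUEST for 192.0.2.13 from 10:20:30:aa:bb:01 via eth1
"""

def is_locally_administered(mac):
    # Bit 0x02 of the first octet marks a locally administered address
    # (randomized or manually set); its first three octets are not a vendor OUI.
    return bool(int(mac[:2], 16) & 0x02)

def summarize(log_text):
    """Return {oui: (request_count, distinct_client_count)} for DHCPREQUEST lines."""
    per_mac = Counter(m.group(1).lower() for m in REQ_RE.finditer(log_text))
    requests, clients = Counter(), Counter()
    for mac, count in per_mac.items():
        key = "local-admin" if is_locally_administered(mac) else mac[:8]
        requests[key] += count
        clients[key] += 1
    return {key: (requests[key], clients[key]) for key in requests}

if __name__ == "__main__":
    # Highest request volume first; look each OUI up in the IEEE registry
    # to see whether it belongs to a router vendor or a PC adapter vendor.
    for oui, (reqs, macs) in sorted(summarize(SAMPLE_LOG).items(),
                                    key=lambda item: -item[1][0]):
        print(f"{oui:12} requests={reqs:4} clients={macs}")
```
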