DHCPREQUEST flooding
Alex Moen
alexm at ndtel.com
Thu May 5 16:19:27 UTC 2016
The vast majority of the clients are el-cheapo routers. There are a few
PCs (or, at least, non routers) in there: 5 out of the 300 or so.
On 05/05/2016 11:11 AM, José Queiroz wrote:
> Hi Alex,
>
> 2016-05-05 12:57 GMT-03:00 Alex Moen <alexm at ndtel.com
> <mailto:alexm at ndtel.com>>:
>
> On 05/05/2016 09:51 AM, Patrick Trapp wrote:
>
> Do the 300-ish devices share anything in particular in their
> configurations? Is the configuration you shared pertinent to
> some of your culprits?
>
>
> Good question, and one that I did not fully address in my original
> config. We're talking ISP customers here, in an aging, rural
> population. I am certain that 99% of these devices are factory
> config (and probably have never been updated) with the only change
> being a non-factory SSID and possibly WPA config (although many
> don't want a password on their wireless). As I did say, there are
> multiple generations of routers out there (Linksys, Cisco,
> Cisco-Linksys, Belkin), so that doesn't seem to indicate a
> particular model or firmware to target.
>
>
> Can you confirm if this behaviour is not related to PC-devices? Because
> those devices could be infected by some malware.
> You can see this looking in the OUI part of the MAC addresses on the
> requests.
>
>
>
> _______________________________________________
> dhcp-users mailing list
> dhcp-users at lists.isc.org
> https://lists.isc.org/mailman/listinfo/dhcp-users
>
--
Alex Moen
NSTII
North Dakota Telephone Company
701-662-6481
More information about the dhcp-users
mailing list