Static DHCP on an IP Bridge

Mon Feb 4 10:26:30 UTC 2008

Hi,
We're using a Motorola Canopy, I forgot to mention we intentionally made it like an ARP Proxy. We term it MAC translation.
Somehow, demonic users are able to copy MAC Addresses of a pc of another user and do some nasty things when they do this. 
This MAC Transalation helps solve this, but the problem is the duplicate IP's still bother others because of the IP conflicts. Duplicate IP's caused by DHCP seeing only the dhcp_packet mac and not the link layer mac.

Anyways someone mentioned that DHCP bypasses netfilter, is there a way to tweak DHCP in order for it not to do this?
I do have a program that intercepts the UDP dhcp packet in netfilter and changes the payload. But because DHCP doesn't pass by netfilter, the program is chop liver.

----- Original Message ----
From: Jonathan Petersson <jpetersson at garnser.se>
To: dhcp-hackers at isc.org
Sent: Monday, February 4, 2008 5:20:20 PM
Subject: Re: Static DHCP on an IP Bridge

Well, 
it 
really 
depends 
on 
what 
kind 
of 
appliance 
you're 
using.

The 
manual 
or 
technical 
support 
from 
the 
company 
producing 
it 
is 
always 
a 
good 
option.

Vincent 
Arniego 
wrote:
> 
Hi 
There,
> 
Somehow 
the 
wireless 
bridge 
device 
is 
acting 
like 
an 
ARP 
proxy.
> 
changing 
the 
MAC 
Address 
as 
it 
passes 
through 
it.
>
> 
And 
the 
router 
where 
the 
AP 
is 
located, 
checks 
out 
the 
ARP 
of 
the 
bridge 
appliance.
> 
Yeah 
that's 
what 
I 
thought 
so, 
I 
think 
I 
have 
to 
tweak 
the 
server 
itself,
>
> 
any 
tips 
on 
where 
to 
go 
on 
this?
>
>
> 
----- 
Original 
Message 
----
> 
From: 
Jonathan 
Petersson 
<jpetersson at garnser.se>
> 
To: 
dhcp-hackers at isc.org
> 
Sent: 
Monday, 
February 
4, 
2008 
3:27:25 
PM
> 
Subject: 
Re: 
Static 
DHCP 
on 
an 
IP 
Bridge
>
>
> 
I'm 
> 
not 
> 
sure 
> 
if 
> 
this 
> 
is 
> 
tweakable 
> 
in 
> 
the 
> 
DHCP 
> 
server 
> 
but 
> 
you 
> 
might 
> 
to 
> 
have 
> 
a 
> 
look 
> 
at 
> 
your 
> 
ARP 
> 
settings 
> 
between 
> 
the 
> 
networks.
>
> 
Vincent 
> 
Arniego 
> 
wrote:
>  

> 
Hi 
> 
Everyone,
>  

> 
I 
> 
have 
> 
a 
> 
problem 
> 
similar 
> 
to 
> 
this 
> 
one:
>  

>>  

> 
http://marc.info/?l=dhcp-hackers&m=118314734327638&w=2
>  

>>  

> 
I 
> 
wonder 
> 
if 
> 
anyone 
> 
can 
> 
help 
> 
me 
> 
to 
> 
solve 
> 
this.
>  

>>  

> 
I 
> 
did 
> 
notice 
> 
somethings, 
> 
and 
> 
I 
> 
just 
> 
need 
> 
someone 
> 
to 
> 
verify 
> 
these:
>  

>>  

> 
Can 
> 
the 
> 
packet() 
> 
directive 
> 
in 
> 
dhcpd.conf 
> 
help 
> 
to 
> 
address 
> 
this?
>  

> 
I 
> 
saw 
> 
a 
> 
"data: 
> 
packet: 
> 
raw 
> 
packet 
> 
not 
> 
available" 
> 
when 
> 
I 
> 
start 
> 
dhcpd, 
> 
I 
> 
do 
> 
you 
> 
make 
> 
the 
> 
raw 
> 
packet 
> 
available?
>  

>>  

> 
Thanks 
> 
and 
> 
Regards,
>  

>>  

> 
Vincent
>  

>>
>>
>>  
>>  

>  

>  

>  
> 
____________________________________________________________________________________
>  

> 
Be 
> 
a 
> 
better 
> 
friend, 
> 
newshound, 
> 
and 
>  

> 
know-it-all 
> 
with 
> 
Yahoo! 
> 
Mobile.  
> 
Try 
> 
it 
> 
now.  
> 
http://mobile.yahoo.com/;_ylt=Ahu06i62sR8HDtDypao8Wcj9tAcJ 
>  

>>  
>>  

>  
>
>
>
>
>
>
>
>
>  

____________________________________________________________________________________
> 
Never 
miss 
a 
thing.  
Make 
Yahoo 
your 
home 
page. 
> 
http://www.yahoo.com/r/hs
>
>
>  

      ____________________________________________________________________________________
Be a better friend, newshound, and 
know-it-all with Yahoo! Mobile.  Try it now.  http://mobile.yahoo.com/;_ylt=Ahu06i62sR8HDtDypao8Wcj9tAcJ 