Ignore DISCOVERs from a certain MAC?

Tina Siegenthaler tina at zool.uzh.ch
Mon Jul 16 13:45:25 UTC 2007

> The rogue requests could be coming from Windows Remote Access (RAS).
> You could try disabling that service on the windows box. RAS tries to
> get up to 10 IP addresses via dhcp so that it can use them for clients
> that want to use the remote access.
> If you use a packet sniffer to look at the packet contents the client
> identifier will contain the string "RAS".
> regards,
> -glenn

Hi Glenn

OK, I captured a packet and looked at it with ethereal, and this is  
what I got:

     Message type: Boot Request (1)
     Hardware type: Ethernet
     Hardware address length: 6
     Hops: 0
     Transaction ID: 0x22726ddf
     Seconds elapsed: 0
     Bootp flags: 0x8000 (Broadcast)
     Client IP address: (
     Your (client) IP address: (
     Next server IP address: (
     Relay agent IP address: (
     Client MAC address: Dell_72:6d:cb (00:14:22:72:6d:cb)
     Server host name not given
     Boot file name not given
     Magic cookie: (OK)
     Option 53: DHCP Message Type = DHCP Discover
     Option 51: IP Address Lease Time = infinity
     Option 12: Host Name = "BMC dhcp"
     Option 55: Parameter Request List

So, the client name is option 12, right (don't have the DHCP handbook  
at hand at the moment)? That would be "BMC dhcp". Any idea what this  
is? I haven't found anything  containing "RAS".


More information about the dhcp-users mailing list