Ignore DISCOVERs from a certain MAC?
tina at zool.uzh.ch
Mon Jul 16 13:45:25 UTC 2007
> The rogue requests could be coming from Windows Remote Access (RAS).
> You could try disabling that service on the Windows box. RAS tries to
> get up to 10 IP addresses via DHCP so that it can use them for clients
> that want to use the remote access.
> If you use a packet sniffer to look at the packet contents, the client
> identifier will contain the string "RAS".
OK, I captured a packet and looked at it with ethereal, and this is
what I got:
Message type: Boot Request (1)
Hardware type: Ethernet
Hardware address length: 6
Transaction ID: 0x22726ddf
Seconds elapsed: 0
Bootp flags: 0x8000 (Broadcast)
Client IP address: 0.0.0.0 (0.0.0.0)
Your (client) IP address: 0.0.0.0 (0.0.0.0)
Next server IP address: 0.0.0.0 (0.0.0.0)
Relay agent IP address: 0.0.0.0 (0.0.0.0)
Client MAC address: Dell_72:6d:cb (00:14:22:72:6d:cb)
Server host name not given
Boot file name not given
Magic cookie: (OK)
Option 53: DHCP Message Type = DHCP Discover
Option 51: IP Address Lease Time = infinity
Option 12: Host Name = "BMC dhcp"
Option 55: Parameter Request List
So, the client name is option 12, right (don't have the DHCP handbook
at hand at the moment)? That would be "BMC dhcp". Any idea what this
is? I haven't found anything containing "RAS".
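
Added example, not part of the original post: a small Python parser that pulls the identifying fields (MAC, option 12 host name, option 61 client identifier) out of a raw DHCP payload and applies the "RAS" substring check suggested in the quoted reply. The sample packet is constructed from the fields shown in the capture above; the contents of option 55 are not shown there and are made up for the sample.

```python
import struct

MAGIC = b"\x63\x82\x53\x63"  # DHCP magic cookie that follows the 236-byte BOOTP header

def parse_dhcp(payload: bytes) -> dict:
    """Parse a BOOTP/DHCP UDP payload into header fields and an options map."""
    if len(payload) < 240 or payload[236:240] != MAGIC:
        raise ValueError("not a DHCP message (too short or bad magic cookie)")
    op, _htype, hlen, _hops, xid, _secs, flags = struct.unpack("!BBBBIHH", payload[:12])
    msg = {"op": op, "xid": xid, "flags": flags,
           "chaddr": payload[28:28 + min(hlen, 16)].hex(":"), "options": {}}
    i = 240
    while i < len(payload) and payload[i] != 255:   # 255 = End option
        code = payload[i]
        if code == 0:                               # 0 = Pad, no length byte
            i += 1
            continue
        if i + 1 >= len(payload):
            raise ValueError("truncated option header")
        length = payload[i + 1]
        value = payload[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError("truncated option value")
        # A repeated option code is concatenated (RFC 3396)
        msg["options"][code] = msg["options"].get(code, b"") + value
        i += 2 + length
    return msg

def describe_client(payload: bytes) -> dict:
    """Summarise the fields that help identify who is sending a DISCOVER."""
    msg = parse_dhcp(payload)
    opts = msg["options"]
    return {"mac": msg["chaddr"],
            "msg_type": (opts.get(53) or b"\x00")[0],           # 1 = DISCOVER
            "hostname": opts.get(12, b"").decode("ascii", "replace"),
            "client_id": opts.get(61),                          # None if absent
            "looks_like_ras": b"RAS" in opts.get(61, b"")}

def build_sample(extra_options: bytes = b"") -> bytes:
    """Constructed payload mirroring the capture; option 55 contents are made up."""
    header = struct.pack("!BBBBIHH", 1, 1, 6, 0, 0x22726DDF, 0, 0x8000)
    header += bytes(16) + bytes.fromhex("001422726dcb") + bytes(10) + bytes(192)
    options = (bytes([53, 1, 1]) + bytes([51, 4]) + b"\xff" * 4 +
               bytes([12, 8]) + b"BMC dhcp" + bytes([55, 3, 1, 3, 6]))
    return header + MAGIC + options + extra_options + b"\xff"

if __name__ == "__main__":
    print(describe_client(build_sample()))
```

For the sample, the summary shows host name "BMC dhcp", no option 61 at all, and therefore no "RAS" match, which is consistent with the capture.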