Periodic assignment of unique IP address

Simon Hobson dhcp1 at thehobsons.co.uk
Thu Nov 29 21:25:16 UTC 2007


Siraj Shaikh wrote:

>I wonder if there is a condition which allows us to check whether
>there are any current/existing TCP connections open on the client -
>before renewing the lease?

Well you could write a program to check what ports are open, but what 
do you do if there is an open connection ? How long do you wait 
before closing it ?

>>  >2) Following up from the above, is there any way of assigning a random
>>  >lease to a particular user class? Random in the sense that I would
>>  >like to pass a range (upper and lower limits) of lease, and then let
>>  >the DHCP Server assign a number in between randomly?
>>
>>  You mean, allocate a range of addresses for a class of client, and
>>  then the addresses are dynamically allocated from that range ? This
>>  is the default and is done like :
>>
>>  subnet ....
>>     ....
>>     pool {
>>       range a.b.c.10 a.b.c.29 ;
>>       allow members of "class1" ;
>>     }
>>  }
>>
>
>Sorry, my original question was I think ambiguous. What I meant was the
>range of lease time, that is to say, if I assign a range of 5 minutes
>to 3 days, I would like the server to assign a lease for anytime
>between 5 mins and 3 days - and let it choose it randomly.

No, there isn't any facility for that - not in the server anyway. The 
best you could do is set the server to allow lease times of the range 
you want (min, max, and default lease times) and get the client to 
request different times. Or you simply tell the client to renew at a 
random time.

>>  >3) My main question: how do I configure a DHCP client that allows it
>>  >to be assigned a unique IP address every time it renews its lease? Is
>>  >it possible to configure the DHCP Server such that it assigns a
>>  >particular class of clients (or just particular clients; manually
>>  >assigned) a unique (different to prior) IP address every time their
>>  >lease is renewed? I am interested to know the answer to both
>>  >questions, as in from the configuration of a dhcp client and a dhcp
>>  >server.
>>
>>  For both the server and client, this is specifically against the
>>  requirements of the RFCs which are quite clear that the client should
>>  retain its address when it renews. Changing a client's address is bad
>>  news - it breaks all its connections and causes all sorts of grief !
>>
>>  What is the reason for wanting the client address to change ?
>
>I should have explained this earlier. As part of my research, I am
>exploring various aspects of deploying a 'network security monitoring'
>sensor on a network segment. The reason for acquiring a unique IP
>address (at every renewal) for this, is to attempt to 'hide' the
>sensor so that it does not stay on a particular IP for a longer time
>(as this may allow an intruder to identify the sensor). The need to
>assign an IP arises because we do want to be able to access some
>services on the machine as well.
>
>May I just add here, we are not interested in assigning a particular
>unique IP address (at every renewal) - just whatever is available from
>the pool (which we will set accordingly of course).

Change the client-id when you want a new address - the server will 
then identify it as a new client and give it a different address. 
This is because the client-id is the primary database key, the MAC 
address is only used if the client-id is not present.

>Another option would be to have a client utility that reassigns the IP
>address of the client (it is running on) and perhaps chooses it from a
>range. Is anyone aware of such an existing utility?

No, but it shouldn't take much to knock up a script to do it.
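
The client-id and lease-time suggestions above, combined into one script as an added example (not part of the original post, and not code from ISC). It assumes ISC dhclient; the interface name and the /tmp paths are placeholders chosen for illustration.

```shell
#!/bin/sh
# Added example: give a monitoring sensor a new DHCP identity on demand.
# Assumptions: ISC dhclient is installed; IFACE and the paths are placeholders.
IFACE="${IFACE:-eth0}"
CONF="${CONF:-/tmp/dhclient-rotate.conf}"
LEASES="${LEASES:-/tmp/dhclient-rotate.leases}"
PIDF="${PIDF:-/tmp/dhclient-rotate.pid}"
MIN_LEASE=300       # 5 minutes, lower bound mentioned in the thread
MAX_LEASE=259200    # 3 days, upper bound mentioned in the thread

# Random integer in [lo, hi], drawn from the kernel CSPRNG.
rand_between() {
    lo=$1; hi=$2
    r=$(od -An -N4 -tu4 /dev/urandom | tr -d ' \n')
    echo $(( lo + r % (hi - lo + 1) ))
}

# Fresh 16-hex-digit client-id. The server keys its lease database on
# this value, so a new one makes the host look like a new client.
new_client_id() {
    od -An -N8 -tx1 /dev/urandom | tr -d ' \n'
}

# Emit a dhclient.conf stanza: args are interface, client-id, lease seconds.
# The server still clamps the requested time to its min/max lease times.
render_conf() {
    printf 'interface "%s" {\n' "$1"
    printf '  send dhcp-client-identifier "%s";\n' "$2"
    printf '  send dhcp-lease-time %s;\n' "$3"
    printf '}\n'
}

rotate() {
    id=$(new_client_id)
    lease=$(rand_between "$MIN_LEASE" "$MAX_LEASE")
    # Stop the running client without releasing, so the old address
    # stays bound to the old client-id until that lease expires.
    dhclient -x -pf "$PIDF" 2>/dev/null || true
    render_conf "$IFACE" "$id" "$lease" > "$CONF"
    : > "$LEASES"   # empty lease file: start from DISCOVER, not the old address
    dhclient -cf "$CONF" -lf "$LEASES" -pf "$PIDF" "$IFACE"
}

# Only touch the network when explicitly asked: ./script.sh rotate
if [ "${1:-}" = "rotate" ]; then
    rotate
fi
```

Because the old lease is left to expire rather than released, each rotation consumes one more pool address until expiry, so the pool size and the server's max-lease-time need to allow for that.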


