Example config with option 82, bogus relays

Joe Polcari jpolcari at bluesocket.com
Tue Jun 17 13:18:27 UTC 2008


As a side note - I just want to understand what is being discussed.
What is circuit-id?


> From: MAtteo HCE Valsasna <valsasna at uninsubria.it>
> Reply-To: <dhcp-users at isc.org>
> Date: Tue, 17 Jun 2008 10:31:53 +0200
> To: <dhcp-users at isc.org>
> Subject: Re: Example config with option 82, bogus relays
> 
> On Tue, 17/06/2008 at 00.14 +0000, DHCP Users Mailing List wrote:
>> 
>> Subject: Example config with option 82
>> Date: Mon, 16 Jun 2008 10:15:27 -0500
>> From: "Corley, Kenneth L \(Kenny\)" <corley at alcatel-lucent.com>
>> 
>>> Does anyone have a basic dhcpd config that includes option 82 that
>>> they can share?  I am running 3.0.5.
>>> 
>>> Thanks
>>> Kenny
>>> 
> 
> using option 82 for logging too.
> after importing some bits from Blake (dhcp-message-type, leased-address):
> 
> # dhcp-message-type 3 is DHCPREQUEST
> if ((option dhcp-message-type = 3) and (exists agent.circuit-id)){
>         log(info, concat("relay agent ", binary-to-ascii(10,8,".",option agent.remote-id),
>                 " forwarded for client ", option host-name,
>                 ", ", binary-to-ascii(16,8,":", hardware),
>                 " on circuit ", binary-to-ascii(10,8,".",option agent.circuit-id),
>                 " for ", binary-to-ascii (10, 8, ".", leased-address)));
> }
> 
> on top of this log I sometimes run a pretty ugly perl script to produce
> a textual relay-agent based network-map (i.e., for each relay agent
> print a list of interfaces and hosts (hostname, mac, IP) connected to
> each interface).
> 
> part of it is heavily site-specific, as it imports two lists of "known"
> mac addresses, and marks unknown addresses in the output, but it may be
> useful for some.
> 
> on a side topic: from the above map, I notice that one host behaves
> somewhat like a relay agent, i.e. every dhcp broadcast it sees, it
> resends again as broadcast.
> As a consequence, I see the request coming both from the port the
> booting client is connected to and from the port to which the bogus
> relay is connected:
> 
> Jun 17 10:16:45 rum dhcpd: relay agent x.x.x.x forwarded for client PC-ericngondiep, 1:0:13:77:64:c7:fb on circuit 0.123 for x.x.x.y
> Jun 17 10:16:45 rum dhcpd: relay agent x.x.x.x forwarded for client PC-ericngondiep, 1:0:13:77:64:c7:fb on circuit 0.44 for x.x.x.y
> 
> where the client is connected to 0.123, the bogus relay to 0.44
> 
> this happens on HP53xx switches, but only for a few "bogus relay" hosts
> 
> nmap fingerprints the host as
> OS details: Apple Mac OS X 10.4.10 (Tiger) (Darwin 8.10.0 - 8.11.0)
> 
> This is just mildly annoying on my site, but may be a serious problem if
> anybody was limiting the number of leases per port.
> 
> Did anybody see anything alike?
> 
> best regards
> 
> MAtteo
> 
> 
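
Added example, not part of the original thread and not the Perl script mentioned in it: Python that parses lines in the format written by the quoted log() statement, builds the per-relay network map, and counts circuits that carry a copy of a request already seen on another circuit in the same second. The sample lines, addresses, function names and the "circuit with the most repeats" heuristic are assumptions made for illustration.

```python
import re
from collections import Counter, defaultdict

# Constructed sample in the format of the quoted log() statement
# (documentation addresses, made-up hosts; circuit 0.44 plays the rebroadcaster).
SAMPLE_LOG = """\
Jun 17 10:16:45 rum dhcpd: relay agent 192.0.2.1 forwarded for client pc-alpha, 1:0:13:77:0:0:1 on circuit 0.123 for 192.0.2.50
Jun 17 10:16:45 rum dhcpd: relay agent 192.0.2.1 forwarded for client pc-alpha, 1:0:13:77:0:0:1 on circuit 0.44 for 192.0.2.50
Jun 17 10:17:02 rum dhcpd: relay agent 192.0.2.1 forwarded for client pc-beta, 1:0:13:77:0:0:2 on circuit 0.9 for 192.0.2.51
Jun 17 10:17:02 rum dhcpd: relay agent 192.0.2.1 forwarded for client pc-beta, 1:0:13:77:0:0:2 on circuit 0.44 for 192.0.2.51
Jun 17 10:20:10 rum dhcpd: relay agent 192.0.2.2 forwarded for client pc-gamma, 1:0:13:77:0:0:3 on circuit 0.7 for 192.0.2.52
"""

LINE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ [\d:]{8}) \S+ dhcpd(?:\[\d+\])?: relay agent (?P<relay>\S+) "
    r"forwarded for client (?P<host>[^,]*), (?P<hw>[0-9a-f:]+) "
    r"on circuit (?P<circuit>\S+) for (?P<ip>\S+)$")

def parse(text):
    """Return one dict per matching dhcpd line; other lines are skipped."""
    return [m.groupdict() for m in map(LINE.match, text.splitlines()) if m]

def network_map(entries):
    """relay -> circuit -> set of (hostname, hardware, leased address)."""
    tree = defaultdict(lambda: defaultdict(set))
    for e in entries:
        tree[e["relay"]][e["circuit"]].add((e["host"], e["hw"], e["ip"]))
    return tree

def duplicate_requests(entries):
    """Requests seen on more than one circuit of a relay in the same second."""
    seen = defaultdict(set)
    for e in entries:
        seen[(e["ts"], e["relay"], e["hw"])].add(e["circuit"])
    return {k: sorted(v) for k, v in seen.items() if len(v) > 1}

def suspect_circuits(entries):
    """Count, per (relay, circuit), how many duplicated requests it carried.
    Assumption: a port repeating several clients' requests is the rebroadcaster."""
    hits = Counter()
    for (_, relay, _), circuits in duplicate_requests(entries).items():
        hits.update((relay, c) for c in circuits)
    return hits

if __name__ == "__main__":
    entries = parse(SAMPLE_LOG)
    for relay, circuits in sorted(network_map(entries).items()):
        print("relay", relay)
        for circuit, hosts in sorted(circuits.items()):
            print("  circuit", circuit, sorted(hosts))
    print("suspects:", suspect_circuits(entries).most_common())
```

A single duplicated request cannot tell the client's real port from the repeating one; the count only separates them once the same circuit shows up in duplicates for more than one client.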


