dhcpd leases: abandonded

Glenn Satchell glenn.satchell at uniq.com.au
Sat May 1 06:39:26 UTC 2010 

Looks like am unfortunate choice of words in the comment. The address 
(192.168.194.20) is declined, so the server offers an alternate address 
(192.168.194.30). As that address is still free, it offers it to the 
next client that requests one.

An abandoned IP address is one that returns true to a ping before the 
DHCPOFFER. Typically this is used in case some other device is already 
using the IP address that is about to be offered. It mightbe because 
itis manually configured, or there is a rogue dhcp server or some other 
reason. It is used so that the dhcp server won't create a second device 
with the same IP address. It has nothing to do with declined leases. So 
an abandoned IP address has no minimum time, but will not be offered 
until all other free leases have been used.

In this example one client has declined an IP address. This does not 
make it an abandoned address as defined in the paragraph above. Should 
the server now not offer this address to any other client? This seems 
like it would be a very easy way to use a dhcp client as a denial of 
service attack to consume all available IP addresses.

As far as using 'deny declines', the dhcpd.conf has this paragraph:

      The declines flag tells the DHCP server whether  or  not  to
      honor DHCPDECLINE messages.   If it is set to deny or ignore
      in a particular scope, the DHCP server will not  respond  to
      DHCPDECLINE messages.

If the dhcp server were to ignore the decline, then it would potentially 
keep offering the same IP address to the client, which would decline, go 
back to discover and so on in a loop. That probably won't help either. 
Do you know why this client declines the particular IP address?

regards,
-glenn

On 05/01/10 04:27, Jeff Stettenbenz wrote:
> Thanks for your reply.
> I have checked my abandoned leases for activity and there are none.
> I have an abundance of free IP addresses in every block.
>
> I find it interesting the manual says it will only use abandoned IP's once the free addresses are exhausted, yet as you can see here - two minutes after the IP was abandoned, it was offered to a new client.
>
> So, I am interested to know if anyone has used 'deny declines;' and what was the behavior of the client.
> Also, is it possible to increase the amount of time that an IP is marked abandoned before it is supposed to be used?
>
> -----Original Message-----
> From: Jeff Stettenbenz
> Sent: Wednesday, April 28, 2010 5:10 PM
> To: 'dhcp-users at lists.isc.org'
> Subject: dhcpd leases: abandonded
>
> I have an issue where:
>
> -client A declines its lease
> -client A discovers for a new IP
> -dhcpd marks client A's lease as abandoned
> -client A request/offer/ACK's
> -client B dhcpdiscover
> -dhcpd offers client A's IP address
> -client B starts a 4 hour DHCPDISCOVER/DHCPOFFER loop
>
>
> Is there a way to increase the amount of time that an abandoned IP address is set as "abandoned"?
> Should 'deny declines;' be used in this case?
>
> Apr 28 05:11:40 -dhcp-01 dhcpd: DHCPACK on 192.168.194.20 to 00:00:00:aa:bb:cc via 192.168.194.1
> Apr 28 05:11:41 -dhcp-01 dhcpd: Abandoning IP address 192.168.194.20: declined.
> Apr 28 05:11:41 -dhcp-01 dhcpd: DHCPDECLINE of 192.168.194.20 from 00:00:00:aa:bb:cc via 192.168.194.1: not found
> Apr 28 05:11:51 -dhcp-01 dhcpd: DHCPDISCOVER from 00:00:00:aa:bb:ccvia 192.168.194.1
> Apr 28 05:11:52 -dhcp-01 dhcpd: DHCPOFFER on 192.168.194.30 to 00:00:00:aa:bb:cc via 192.168.194.1
> Apr 28 05:11:52 -dhcp-01 dhcpd: DHCPREQUEST for 192.168.194.30 from 00:00:00:aa:bb:cc via 192.168.194.1
> Apr 28 05:11:52 -dhcp-01 dhcpd: DHCPACK on 192.168.194.30 to 00:00:00:aa:bb:cc via 192.168.194.1
> Apr 28 05:13:42 -dhcp-01 dhcpd: Reclaiming abandoned IP address 192.168.194.20.
> Apr 28 05:13:42 -dhcp-01 dhcpd: DHCPDISCOVER from 00:00:00:zz:yy:xx  via 192.168.194.1
> Apr 28 05:13:43 -dhcp-01 dhcpd: DHCPOFFER on 192.168.194.20 to 00:00:00:zz:yy:xx  via 192.168.194.1
> Apr 28 05:13:43 -dhcp-01 dhcpd: DHCPDISCOVER from 00:00:00:zz:yy:xx  via 192.168.194.1
> Apr 28 05:13:43 -dhcp-01 dhcpd: DHCPOFFER on 192.168.194.20 to 00:00:00:zz:yy:xx  via 192.168.194.1
> Apr 28 05:13:45 -dhcp-01 dhcpd: DHCPDISCOVER from 00:00:00:zz:yy:xx  via 192.168.194.1
>
> .
> .
> Apr 28 09:39:18 metronet-dhcp-01 dhcpd: DHCPDISCOVER from 00:00:00:zz:yy:xx  via 192.168.194.1
> Apr 28 09:39:19 metronet-dhcp-01 dhcpd: DHCPOFFER on 192.168.194.20  to 00:00:00:zz:yy:xx  via 192.168.194.1
> Apr 28 09:39:20 metronet-dhcp-01 dhcpd: DHCPREQUEST for 192.168.194.20  from 00:00:00:zz:yy:xx  via 192.168.194.1
> Apr 28 09:39:20 metronet-dhcp-01 dhcpd: DHCPACK on 192.168.194.20  to 00:00:00:zz:yy:xx  via 192.168.194.1
>

More information about the dhcp-users mailing list