security impact of accepting dhcp declines
abb at gremwell.com
Thu Oct 21 11:51:12 UTC 2010
I wonder if somebody could clarify how the DHCP server will behave when somebody
tries to exhaust its pool by abusing DHCPDECLINE messages. The manpage for
dhcpcd.conf says the following:
The declines keyword
The DHCPDECLINE message is used by DHCP clients to indicate that the
lease the server has offered is not valid. When the server receives a
DHCPDECLINE for a particular address, it normally abandons that
address, assuming that some unauthorized system is using it.
*Unfortunately, a malicious or buggy client can, using DHCPDECLINE
messages, completely exhaust the DHCP server's allocation pool*. The server
will reclaim these leases, but while the client is running through the
pool, it may cause serious thrashing in the DNS, and it will *also cause
the DHCP server to forget old DHCP client address allocations*.
The declines flag tells the DHCP server whether or not to honor
DHCPDECLINE messages. If it is set to deny or ignore in a particular
scope, the DHCP server will not respond to DHCPDECLINE messages.
I don't get the part about thrashing DNS. Does this refer to the case when
DNS updates are on?
And the statement about reclaiming these leases, but forgetting old DHCP
client allocations... Will the DHCP server start throwing away existing leases
when the pool gets exhausted?
Any input and/or reference to the official docs relevant to my question are
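Added example, not part of the original post: a small log check for the pool-exhaustion pattern the quoted manpage text describes, flagging an interface on which many distinct addresses are declined within a short window. The syslog line shape, the threshold and window defaults, and every sample line are assumptions constructed for illustration.

```python
import re
from collections import deque
from datetime import datetime, timedelta

# Assumed syslog shape for a declined lease (constructed, not taken from the post):
#   "<Mon DD HH:MM:SS> <host> dhcpd: DHCPDECLINE of <ip> from <mac> via <iface>: ..."
DECLINE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s[\d:]{8})\s.*?dhcpd(?:\[\d+\])?: DHCPDECLINE of "
    r"(?P<ip>[\d.]+) from (?P<mac>[0-9a-f:]{17})(?: \([^)]*\))? via (?P<iface>[^\s:]+)",
    re.IGNORECASE)

def find_decline_bursts(lines, threshold=5, window=timedelta(seconds=60), year=2010):
    """Return one (iface, time, n_addresses, n_macs) tuple each time an interface
    first reaches `threshold` distinct declined addresses within `window`."""
    # Counted per receiving interface: the hardware address is supplied by the client.
    recent = {}       # iface -> deque of (time, ip, mac) still inside the window
    alerting = set()  # interfaces currently over threshold, to avoid repeat alerts
    alerts = []
    for line in lines:
        m = DECLINE.match(line)
        if not m:
            continue  # DHCPACK, DHCPREQUEST, other daemons, ...
        # Classic syslog timestamps carry no year, so the caller supplies one.
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        q = recent.setdefault(m["iface"], deque())
        q.append((ts, m["ip"], m["mac"].lower()))
        while ts - q[0][0] > window:
            q.popleft()
        ips = {ip for _, ip, _ in q}
        if len(ips) < threshold:
            alerting.discard(m["iface"])
        elif m["iface"] not in alerting:
            alerting.add(m["iface"])
            alerts.append((m["iface"], ts, len(ips), len({mac for _, _, mac in q})))
    return alerts

# Constructed sample log: six declines on eth1 within ten seconds, one on eth0.
SAMPLE = [f"Oct 21 11:40:{2 * i:02d} gw dhcpd: DHCPDECLINE of 192.0.2.{10 + i} "
          f"from 02:00:00:00:00:{i:02x} via eth1: abandoned" for i in range(6)]
SAMPLE += [
    "Oct 21 11:41:00 gw dhcpd: DHCPACK on 192.0.2.50 to 02:00:00:00:01:01 via eth0",
    "Oct 21 11:45:30 gw dhcpd: DHCPDECLINE of 198.51.100.7 "
    "from 02:00:00:00:01:02 via eth0: abandoned",
]

if __name__ == "__main__":
    for iface, when, n_ips, n_macs in find_decline_bursts(SAMPLE):
        print(f"{when} {iface}: {n_ips} addresses declined by {n_macs} MACs in 60s")
```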