Is there any protection mechanism for a spamming dhcp client?

Jürgen Dietl juergen.dietl at googlemail.com
Thu Feb 3 13:56:28 UTC 2011


Extension to my other post:

Assume I have thousands of printers and maybe some of those printers have
this behavior. So I don't know exactly which printer it will be in future. It's
like a time bomb. My home is more the CISCO side and there I could for
example do DHCP Snooping where I can also set an amount of maximum dhcp
requests per client per switch-port.

But instead of configuring the security a thousand times on the switch side I
want to do it on the central side - the server. So I look for an automatism
that triggers some action in case of too many dhcp requests from a client.

Hope you understand me now.

thanx a lot,
cheers,

ps: I know that so many packets are also bad for the LAN but this is another
story :-) (department)


2011/2/3 Jürgen Dietl <juergen.dietl at googlemail.com>

> Hello Alex,
>
> No, you are not dumb. I made a mistake in understanding and sorry for that.
> The client gets only ONE IP Address but this 590.000 times. So I have a very
> big log file etc. and the cpu usage is also very high.
>
> Concerning the ip-table proposal:
>
> Is there a way to ignore a special amount of packets with ip table? I don't
> want to block all the packets from the client. Can you maybe post an example
> for IP-Tables?
>
>
> thanx a lot,
> cheers,
> Juergen
>
>
> 2011/2/3 Alex Bligh <alex at alex.org.uk>
>
>
>>
>> --On 3 February 2011 10:41:11 +0100 Jürgen Dietl <
>> juergen.dietl at googlemail.com> wrote:
>>
>>> Till somebody powered off the printer the dhcp server got 590.000 dhcp
>>> requests. Of course the pool was empty.
>>>
>>
>> Perhaps I am being a bit dumb here, but if the same device re-requests
>> an IP address, isn't it going to get the same entry from the pool
>> (assuming mac address and client-id are the same)? If not, can you not
>> segregate it by assigning it a fixed IP? I am taking it configuring the
>> printer with a fixed IP is not an option.
>>
>> If your dhcp server never needs to talk to the printer at all, you
>> can just ignore dhcp packets using ip tables filtering based
>> on MAC address. That would work well if you configured it with a static
>> IP.
>>
>> --
>> Alex Bligh
>>
>> _______________________________________________
>> dhcp-users mailing list
>> dhcp-users at lists.isc.org
>> https://lists.isc.org/mailman/listinfo/dhcp-users
>>
>
>
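
One way to get the server-side trigger asked about in this thread is to watch the DHCP server's own log, shown here as an added example that is not part of the original messages. It assumes ISC dhcpd's usual syslog lines (`DHCPREQUEST for <ip> from <mac> via <if>`); the function names, thresholds and sample log are constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed ISC dhcpd syslog shapes: "DHCPDISCOVER from <mac> via <if>" and
# "DHCPREQUEST for <ip> from <mac> via <if>". Replies (OFFER/ACK) are skipped.
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s[\d:]{8})\s.*?dhcpd(?:\[\d+\])?:\s"
    r"(?:DHCPDISCOVER|DHCPREQUEST)\b.*?\bfrom\s"
    r"(?P<mac>(?:[0-9a-f]{2}:){5}[0-9a-f]{2})\b", re.IGNORECASE)

def find_flooders(lines, max_requests=10, window_seconds=60, year=2011):
    """Return {mac: peak count} for every client that sent more than
    max_requests DISCOVER/REQUEST messages inside one sliding window."""
    window = timedelta(seconds=window_seconds)
    recent = defaultdict(deque)  # mac -> timestamps still inside the window
    peaks = {}
    for line in lines:
        m = LINE_RE.search(line)
        if not m:
            continue
        # Syslog timestamps carry no year, so the caller supplies one.
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        mac = m["mac"].lower()
        q = recent[mac]
        q.append(ts)
        while ts - q[0] >= window:  # drop entries that fell out of the window
            q.popleft()
        if len(q) > max_requests:
            peaks[mac] = max(peaks.get(mac, 0), len(q))
    return peaks

def constructed_sample():
    """Constructed log (made-up MACs and addresses): one client repeating
    DHCPREQUEST every second for 30 s, plus one well-behaved client."""
    noisy = [f"Feb  3 10:41:{s:02d} srv dhcpd: DHCPREQUEST for 10.0.0.50 "
             f"from 00:11:22:33:44:55 via eth0" for s in range(30)]
    quiet = [
        "Feb  3 10:41:05 srv dhcpd: DHCPDISCOVER from AA:BB:CC:00:00:01 via eth0",
        "Feb  3 10:41:05 srv dhcpd: DHCPOFFER on 10.0.0.51 to aa:bb:cc:00:00:01 via eth0",
        "Feb  3 10:41:06 srv dhcpd: DHCPREQUEST for 10.0.0.51 from aa:bb:cc:00:00:01 via eth0",
    ]
    return noisy + quiet

if __name__ == "__main__":
    for mac, peak in find_flooders(constructed_sample()).items():
        print(f"{mac}: {peak} requests within 60 s, above the limit of 10")
```
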