Force DHCP server to assign new IP to client

Jeffrey Zheng jeffreyzheng at
Wed Oct 15 03:14:39 UTC 2014

First of all, thank you so much for your replies and I have learned a lot from your responses.
I am working on a security research project in an isolated internal network, so fortunately there will not be any frustrated or angry clients :-). Basically the research is trying to find a way to randomly change clients' IP addresses so that any IP-based attack or reconnaissance might be thwarted, that is why I am looking into the DHCP server to see if I can use it to achieve the goal. Any suggestions are very appreciated.

Jeffrey Zheng
The words of the reckless pierce like swords, but the tongue of the wise brings healing. (Proverbs 12:18)

==> How to create a strong and secure password - part one==> How to create a strong and secure password - part two

> Date: Wed, 15 Oct 2014 12:23:14 +1100
> Subject: Re: Force DHCP server to assign new IP to client
> From: glenn.satchell at
> To: dhcp-users at
> Hi Jeffrey
> Perhaps you could give us some more information as to why you want this
> type of behaviour? Perhaps there may be a different way to achieve what
> you want?
> regards,
> -glenn
> On Wed, October 15, 2014 1:24 am, Simon Hobson wrote:
> > Jeffrey Zheng <jeffreyzheng at> wrote:
> >
> >> I am working on a project in which I would like to force DHCP server to
> >> assign a new IP address to client whenever the client sends an IP
> >> request, instead of keeping the current IP address. Is it possible? If
> >> yes, can someone please tell me how to do it?
> >
> > As Chuck so eloquently put it, it's a recipe for "unhappy" clients. At the
> > very least it will terminate all active connections every time the client
> > renews it's lease, and with some clients it may cause bigger problems as
> > there have been reports on this list from time to time of clients not
> > handling changed leases very well.
> >
> > As pointed out, it's against the letter and spirit of the RFCs, which the
> > ISC coders worked hard to follow. Thus the ISC code goes to great lengths
> > to *NOT* change the client's address.
> > Apart from techniques like periodically changing the config to make some
> > addresses unavailable, one I can think of might go like :
> >
> > Write a script that monitors the logs, and every time an address is ACKed
> > make note of it.
> > The script then needs to update the DHCP config, explicitly making the
> > address unavailable - perhaps by adding it to a class and denying that
> > class access ot the address pool.
> > The next time the client attempts to renew, it's request will be Nacked
> > and it'll start over with a Discover to get a new address.
> > The script needs to clean up, removing the blocked IPs from the list. A
> > simple timeout would suffice but you could lose a lot fo addresses, but
> > you could monitor the logs for the DHCP-NAck and set the address to be
> > removed a short time later.
> >
> > It's a lot of work to go to just to break things and make life difficult
> > for your clients.
> >
> > _______________________________________________
> > dhcp-users mailing list
> > dhcp-users at
> >
> >
> _______________________________________________
> dhcp-users mailing list
> dhcp-users at
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <>

More information about the dhcp-users mailing list