Force DHCP server to assign new IP to client
jeffreyzheng at live.com
Wed Oct 15 03:14:39 UTC 2014
First of all, thank you so much for your replies and I have learned a lot from your responses.
I am working on a security research project in an isolated internal network, so fortunately there will not be any frustrated or angry clients :-). Basically the research is trying to find a way to randomly change clients' IP addresses so that any IP-based attack or reconnaissance might be thwarted, that is why I am looking into the DHCP server to see if I can use it to achieve the goal. Any suggestions are very appreciated.
The words of the reckless pierce like swords, but the tongue of the wise brings healing. (Proverbs 12:18)
==> How to create a strong and secure password - part one==> How to create a strong and secure password - part two
> Date: Wed, 15 Oct 2014 12:23:14 +1100
> Subject: Re: Force DHCP server to assign new IP to client
> From: glenn.satchell at uniq.com.au
> To: dhcp-users at lists.isc.org
> Hi Jeffrey
> Perhaps you could give us some more information as to why you want this
> type of behaviour? Perhaps there may be a different way to achieve what
> you want?
> On Wed, October 15, 2014 1:24 am, Simon Hobson wrote:
> > Jeffrey Zheng <jeffreyzheng at live.com> wrote:
> >> I am working on a project in which I would like to force DHCP server to
> >> assign a new IP address to client whenever the client sends an IP
> >> request, instead of keeping the current IP address. Is it possible? If
> >> yes, can someone please tell me how to do it?
> > As Chuck so eloquently put it, it's a recipe for "unhappy" clients. At the
> > very least it will terminate all active connections every time the client
> > renews it's lease, and with some clients it may cause bigger problems as
> > there have been reports on this list from time to time of clients not
> > handling changed leases very well.
> > As pointed out, it's against the letter and spirit of the RFCs, which the
> > ISC coders worked hard to follow. Thus the ISC code goes to great lengths
> > to *NOT* change the client's address.
> > Apart from techniques like periodically changing the config to make some
> > addresses unavailable, one I can think of might go like :
> > Write a script that monitors the logs, and every time an address is ACKed
> > make note of it.
> > The script then needs to update the DHCP config, explicitly making the
> > address unavailable - perhaps by adding it to a class and denying that
> > class access ot the address pool.
> > The next time the client attempts to renew, it's request will be Nacked
> > and it'll start over with a Discover to get a new address.
> > The script needs to clean up, removing the blocked IPs from the list. A
> > simple timeout would suffice but you could lose a lot fo addresses, but
> > you could monitor the logs for the DHCP-NAck and set the address to be
> > removed a short time later.
> > It's a lot of work to go to just to break things and make life difficult
> > for your clients.
> > _______________________________________________
> > dhcp-users mailing list
> > dhcp-users at lists.isc.org
> > https://lists.isc.org/mailman/listinfo/dhcp-users
> dhcp-users mailing list
> dhcp-users at lists.isc.org
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the dhcp-users