[c-nsp] DHCP Binding Expiration
Lamar Owen
lowen at pari.edu
Mon Feb 9 20:22:14 EST 2009
On Monday 09 February 2009 12:50:54 Justin Shore wrote:
> Manaf Al Oqlah wrote:
> > The problem is that I still can see some
> > clients IP addresses lease expiration are Infinite in the DHCP binding!
> > what could be the reason for this behavior and could be this some sort of
> > attack!!
>
> I get them too. I never have figured out what causes them. So far it
> hasn't been a big deal for me.
BOOTP.
BOOTP clients can bring any DHCP server to its knees, especially if the BOOTP
client is badly coded. For instance, I run a Smoothwall Advanced Firewall
here in a testing mode (I'm tech support for the local reseller), and I
started noticing all of the sudden that ALL of the leases were taken, and most
were clients with an UNKNOWN expiry. I looked closely, and the MAC addresses
were sequential, and there were right at 100 of them.
Tracked it down to, believe it or not, a Catalyst 8540MSR switch, which was
requesting via BOOTP for every single one of its MACs.
More information about the cisco-nsp
mailing list