Re: [Nolug] Tons of DHCPREQUEST messages in syslog

From: Ron Johnson <ron.l.johnson_at_home.com>
Date: Tue, 8 Jan 2002 15:11:15 -0600
Message-Id: <20020108211121.YXXW12283.femail6.sdc1.sfba.home.com@there>

On Tuesday 08 January 2002 02:20 pm, Scott Harney wrote:
> That would be neat but your cable modem is acting as a DHCP relay
> agent. Look at your lease in /var/db/dhcpcd.leases (or wherever it
> is).

Oh. I see "option dhcp-server-identifier 24.4.96.74;" in my
/var/dhcp/dhclient.leases, too. Does that mean that 10.64.124.1
just tells dhclient to go to 24.4.96.74?

Since I'm doing:
  $IPCHAINS -A input -p udp -s 0/0 -d 0/0 67:68 -i eth0 -j ACCEPT
why is it logging to syslog? Should I also be accepting tcp
packets?

Many thanks for your instruction...

OT: are you running Solaris? Is that why the ethernet iface is xl0?
Not a very mnemonic code...

> Here's mine
> lease {
> interface "xl0";
> fixed-address 24.14.130.251;
> option subnet-mask 255.255.255.0;
> option time-offset -28800;
> option routers 24.14.130.1;
> option domain-name-servers 24.4.62.33,24.4.62.34;
> option host-name "cx140406-a";
> option domain-name "mcity1.la.home.com";
> option dhcp-lease-time 259200;
> option dhcp-message-type 5;
> option dhcp-server-identifier 24.4.96.74;
> option dhcp-renewal-time 129600;
> option dhcp-rebinding-time 226800;
> renew 1 2002/1/7 23:20:11;
> rebind 3 2002/1/9 02:20:11;
> expire 3 2002/1/9 11:20:11;
> }
>
> On Tue, Jan 08, 2002 at 02:26:27PM -0600, Ron Johnson wrote:
> > On Tuesday 08 January 2002 01:43 pm, Scott Harney wrote:
> > > Well, considering that's the DHCP server that @home has that
> > > assigns you your IP address, I wouldn't DENY it.
> >
> > Huh? I thought I got the IP address from the DHCPD in my cable
> > modem (address 10.64.124.1).
> >
> > dhclient-2.2.x: Listening on LPF/eth0/00:20:78:16:f5:34
> > dhclient-2.2.x: Sending on LPF/eth0/00:20:78:16:f5:34
> > dhclient-2.2.x: Sending on Socket/fallback/fallback-net
> > dhclient-2.2.x: DHCPREQUEST on eth0 to 255.255.255.255 port 67
> > dhclient-2.2.x: DHCPACK from 10.64.124.1
> > dhclient-2.2.x: bound to 24.181.111.92 -- renewal in 124239 seconds.
> >
> > > On Tue, Jan 08, 2002 at 01:06:17PM -0600, Ron Johnson wrote:
> > > > On Tuesday 08 January 2002 12:21 pm, Scott Harney wrote:
> > > > > Ron Johnson <ron.l.johnson@home.com> writes:
> > > > >
> > > > > Ignore it. It's not important. You're receiving the DHCP
> > > > > requests from across the network.
> > > >
> > > > Thanks. Can't I DENY that 1 address at the firewall and not
> > > > log it?
> > > >
> > > > Is it relevant that it's all coming from 24.4.96.74, which is
> > > > Oklahoma? Cox Guy, is there a network problem in Oklahoma
> > > > City, since all these packets are coming from there, and
> > > > nowhere else?
> > > >
> > > > # traceroute 24.4.96.74
> > > > traceroute to 24.4.96.74 (24.4.96.74), 30 hops max, 38 byte packets
> > > > 1 * * *
> > > > 2 * * *
> > > > 3 c1-pos9-0.nworla1.home.net (24.7.72.85)
> > > > 4 c1-pos3-0.dllstx1.home.net (24.7.64.181)
> > > > 5 c1-pos5-0.tulsok1.home.net (24.7.64.161)
> > > > 6 c1-pos1-0.okcyok1.home.net (24.7.64.121)
> > > > 7 bb1-pos1-1.rdc1.ok.home.net (24.7.75.254)
> > > > 8 ha1.svc1.okc1.ok.home.com (24.4.96.70)
> > > >
> > > > > > On Tuesday 08 January 2002 11:32 am, Jerald Sheets wrote:
> > > > > > > Goes to show you just how many people were set for
> > > > > > > static.
> > > > > > >
> > > > > > > I limit my dhcp to the interior interface eth1 for just
> > > > > > > such a reason.
> > > > > >
> > > > > > Don't understand. My eth0 IS the outside interface, and
> > > > > > /etc/dhclient.conf restricts dhclient to eth0.
> > > > > >
> > > > > > > -----Original Message-----
> > > > > > > From: owner-nolug@patientcarerx.com
> > > > > > > [mailto:owner-nolug@patientcarerx.com] On Behalf Of Ron Johnson
> > > > > > > Sent: Tuesday, January 08, 2002 8:54 AM
> > > > > > > To: NOLUG
> > > > > > > Subject: [Nolug] Tons of DHCPREQUEST messages in syslog
> > > > > > >
> > > > > > > Hi,
> > > > > > >
> > > > > > > Subject says it all. There are hundreds of them. The
> > > > > > > attachment lists all the ones from an ~1 hour period.
> > > > > > >
> > > > > > > dhclient-2.2.x: DHCPREQUEST on eth0 to 24.4.96.74 port 67
> > > > > > >
> > > > > > > When the machine booted, it successfully received an IP on
> > > > > > > eth0 from 10.64.124.1.
> > > > > > >
> > > > > > > Thanks
> > > > > >
> > > > > > --
> > > > > > +------------------------------------------------------------+
> > > > > > | Ron Johnson, Jr. Home: ron.l.johnson@home.com |
> > > > > > | Jefferson, LA USA http://ronandheather.dhs.org:81 |
> > > > > > | |
> > > > > > ! "Fair is where you take your cows to be judged." !
> > > > > > ! Unknown !
> > > > > > +------------------------------------------------------------+
> > > > > > ___________________
> > > > > > Nolug mailing list
> > > > > > nolug@nolug.org

--
+------------------------------------------------------------+
| Ron Johnson, Jr. Home: ron.l.johnson@home.com |
| Jefferson, LA USA http://ronandheather.dhs.org:81 |
| |
! "Fair is where you take your cows to be judged." !
! Unknown !
+------------------------------------------------------------+
Received on 01/08/02
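
Added example, not part of the original thread: a Python sketch that reads the server identifier and T1/T2 timers out of the lease quoted above, then tallies dhclient DHCPREQUEST lines that were never followed by a DHCPACK. The lease options are copied from the quoted lease; the syslog sample is constructed in the message format shown in the thread, and the function names are illustrative.

```python
import re
from collections import Counter

# Options taken from the lease quoted in the thread (dhclient.leases syntax).
LEASE = '''
lease {
  interface "xl0";
  option dhcp-lease-time 259200;
  option dhcp-server-identifier 24.4.96.74;
  option dhcp-renewal-time 129600;
  option dhcp-rebinding-time 226800;
}
'''

# Constructed syslog sample in the dhclient message format shown in the thread.
SYSLOG = '''
dhclient-2.2.x: DHCPREQUEST on eth0 to 255.255.255.255 port 67
dhclient-2.2.x: DHCPACK from 10.64.124.1
dhclient-2.2.x: DHCPREQUEST on eth0 to 24.4.96.74 port 67
dhclient-2.2.x: DHCPREQUEST on eth0 to 24.4.96.74 port 67
dhclient-2.2.x: DHCPREQUEST on eth0 to 24.4.96.74 port 67
'''

def parse_lease(text):
    """Return {name: value} for the statements of one lease block."""
    opts = {}
    for m in re.finditer(r'^\s*(?:option\s+)?([\w-]+)\s+(.+?);\s*$', text, re.M):
        opts[m.group(1)] = m.group(2).strip('"')
    return opts

def timer_ratios(opts):
    """T1/T2 as fractions of the lease time (RFC 2131 defaults: 0.5, 0.875)."""
    lease = int(opts['dhcp-lease-time'])
    return (int(opts['dhcp-renewal-time']) / lease,
            int(opts['dhcp-rebinding-time']) / lease)

def unanswered_requests(log):
    """Count DHCPREQUESTs per destination that no DHCPACK followed."""
    pending, unanswered = None, Counter()
    for line in log.splitlines():
        req = re.search(r'DHCPREQUEST on \S+ to (\S+) port 67', line)
        if req:
            if pending:          # previous request never got an ACK
                unanswered[pending] += 1
            pending = req.group(1)
        elif 'DHCPACK from' in line:
            pending = None
    if pending:
        unanswered[pending] += 1
    return dict(unanswered)
```

A destination that shows up in `unanswered_requests()` and matches the lease's `dhcp-server-identifier` is the unicast renewal target, so that is the address whose UDP 67/68 replies the firewall has to let back in.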
