Re: [Nolug] Tons of DHCPREQUEST messages in syslog

From: Scott Harney <scott_harney_at_yahoo.com>
Date: 09 Jan 2002 06:45:37 -0600
Message-ID: <87ofk3pua6.fsf@blackflag.scottharney.com>

Ron Johnson <ron.l.johnson@home.com> writes:

Right. I believe the modem is relaying the request for IP to
24.4.96.74. @home, as I understand it, has large master DHCP servers
rather than ones local to a particular market.

The xl0 interface name is from OpenBSD actually.

> On Tuesday 08 January 2002 02:20 pm, Scott Harney wrote:
> > That would be neat but your cable modem is acting as a DHCP relay
> > agent. Look at your lease in /var/db/dhcpcd.leases (or wherever it
> > is).
>
> Oh. I see "option dhcp-server-identifier 24.4.96.74;" in my
> /var/dhcp/dhclient.leases, too. Does that mean that 10.64.124.1
> just tells dhclient to go to 24.4.96.74?
>
> Since I'm doing:
> $IPCHAINS -A input -p udp -s 0/0 -d 0/0 67:68 -i eth0 -j ACCEPT
> why is it logging to syslog? Should I also be accepting tcp
> packets?
>
> Many thanks for your instruction...
>
> OT: are you running Solaris? Is that why the ethernet iface xl0?
> Not a very mnemonic code...
>
> > Here's mine
> > lease {
> > interface "xl0";
> > fixed-address 24.14.130.251;
> > option subnet-mask 255.255.255.0;
> > option time-offset -28800;
> > option routers 24.14.130.1;
> > option domain-name-servers 24.4.62.33,24.4.62.34;
> > option host-name "cx140406-a";
> > option domain-name "mcity1.la.home.com";
> > option dhcp-lease-time 259200;
> > option dhcp-message-type 5;
> > option dhcp-server-identifier 24.4.96.74;
> > option dhcp-renewal-time 129600;
> > option dhcp-rebinding-time 226800;
> > renew 1 2002/1/7 23:20:11;
> > rebind 3 2002/1/9 02:20:11;
> > expire 3 2002/1/9 11:20:11;
> > }
> >
> > On Tue, Jan 08, 2002 at 02:26:27PM -0600, Ron Johnson wrote:
> > > On Tuesday 08 January 2002 01:43 pm, Scott Harney wrote:
> > > > > Well, considering that's the DHCP server that @home has that
> > > > assigns you your IP address, I wouldn't DENY it.
> > >
> > > Huh? I thought I got the IP address from the DHCPD in my cable
> > > modem (address 10.64.124.1).
> > >
> > > dhclient-2.2.x: Listening on LPF/eth0/00:20:78:16:f5:34
> > > dhclient-2.2.x: Sending on LPF/eth0/00:20:78:16:f5:34
> > > dhclient-2.2.x: Sending on Socket/fallback/fallback-net
> > > dhclient-2.2.x: DHCPREQUEST on eth0 to 255.255.255.255 port 67
> > > dhclient-2.2.x: DHCPACK from 10.64.124.1
> > > dhclient-2.2.x: bound to 24.181.111.92 -- renewal in 124239 seconds.
> > >
> > > > On Tue, Jan 08, 2002 at 01:06:17PM -0600, Ron Johnson wrote:
> > > > > On Tuesday 08 January 2002 12:21 pm, Scott Harney wrote:
> > > > > > Ron Johnson <ron.l.johnson@home.com> writes:
> > > > > >
> > > > > > > Ignore it. It's not important. You're receiving the DHCP
> > > > > > requests from across the network.
> > > > >
> > > > > Thanks. Can't I DENY that 1 address at the firewall and not
> > > > > log it?
> > > > >
> > > > > Is it relevant that it's all coming from 24.4.96.74, which is
> > > > > Oklahoma. Cox Guy, is there a network problem in Oklahoma
> > > > > City, since all these packets are coming from there, and
> > > > > nowhere else?
> > > > >
> > > > > # traceroute 24.4.96.74
> > > > > > traceroute to 24.4.96.74 (24.4.96.74), 30 hops max, 38 byte packets
> > > > > > 1 * * *
> > > > > 2 * * *
> > > > > 3 c1-pos9-0.nworla1.home.net (24.7.72.85)
> > > > > 4 c1-pos3-0.dllstx1.home.net (24.7.64.181)
> > > > > 5 c1-pos5-0.tulsok1.home.net (24.7.64.161)
> > > > > 6 c1-pos1-0.okcyok1.home.net (24.7.64.121)
> > > > > 7 bb1-pos1-1.rdc1.ok.home.net (24.7.75.254)
> > > > > 8 ha1.svc1.okc1.ok.home.com (24.4.96.70)
> > > > >
> > > > > > > On Tuesday 08 January 2002 11:32 am, Jerald Sheets wrote:
> > > > > > > > Goes to show you just how many people were set for
> > > > > > > > static.
> > > > > > > >
> > > > > > > > I limit my dhcp to the interior interface eth1 for just
> > > > > > > > such a reason.
> > > > > > >
> > > > > > > Don't understand. My eth0 IS the outside interface, and
> > > > > > > /etc/dhclient.conf restricts dhclient to eth0.
> > > > > > >
> > > > > > > > -----Original Message-----
> > > > > > > > From: owner-nolug@patientcarerx.com [mailto:owner-nolug@patientcarerx.com] On Behalf Of Ron Johnson
> > > > > > > > Sent: Tuesday, January 08, 2002 8:54 AM
> > > > > > > > To: NOLUG
> > > > > > > > Subject: [Nolug] Tons of DHCPREQUEST messages in syslog
> > > > > > > >
> > > > > > > > Hi,
> > > > > > > >
> > > > > > > > Subject says it all. There are hundreds of them. The
> > > > > > > > attachment lists all the ones from an ~1 hour period.
> > > > > > > >
> > > > > > > > dhclient-2.2.x: DHCPREQUEST on eth0 to 24.4.96.74 port 67
> > > > > > > >
> > > > > > > > When the machine booted, it successfully received an IP on
> > > > > > > > eth0 from 10.64.124.1.
> > > > > > > >
> > > > > > > > Thanks
> > > > > > >
> > > > > > > --
> > > > > > > +------------------------------------------------------------+
> > > > > > > | Ron Johnson, Jr. Home: ron.l.johnson@home.com |
> > > > > > > | Jefferson, LA USA http://ronandheather.dhs.org:81 |
> > > > > > > | |
> > > > > > > ! "Fair is where you take your cows to be judged." !
> > > > > > > ! Unknown !
> > > > > > > +------------------------------------------------------------+
> > > > > > > ___________________
> > > > > > > Nolug mailing list
> > > > > > > nolug@nolug.org
> > > > >
> > >
>

-- 
Scott Harney <scott_harney@yahoo.com>
Broadband Services Manager (LA)
Charter Communications
___________________
Nolug mailing list
nolug@nolug.org
Received on 01/09/02
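
An added example, not part of the original message or the list archive: a small Python parser for a dhclient lease like the one quoted in the thread. It checks that the lease timers agree with each other and flags logged DHCPREQUEST destinations that are neither broadcast nor the lease's dhcp-server-identifier. The function names and the 192.0.2.53 log line are constructed for illustration.

```python
import re
from datetime import datetime
# Constructed sample: the lease quoted in the thread, trimmed to the fields used here.
SAMPLE_LEASE = """
lease {
  option dhcp-lease-time 259200;
  option dhcp-server-identifier 24.4.96.74;
  option dhcp-renewal-time 129600;
  option dhcp-rebinding-time 226800;
  rebind 3 2002/1/9 02:20:11;
  expire 3 2002/1/9 11:20:11;
}
"""
# Constructed log lines in the dhclient format quoted in the thread.
SAMPLE_LOG = [
    "dhclient-2.2.x: DHCPREQUEST on eth0 to 24.4.96.74 port 67",
    "dhclient-2.2.x: DHCPREQUEST on eth0 to 255.255.255.255 port 67",
    "dhclient-2.2.x: DHCPACK from 10.64.124.1",
    "dhclient-2.2.x: DHCPREQUEST on eth0 to 192.0.2.53 port 67",  # made-up server
]
LEASE_RE = re.compile(r"lease\s*\{(.*?)\}", re.S)
STMT_RE = re.compile(r"^\s*(?:option\s+)?([\w-]+)\s+(.*?);\s*$", re.M)
REQ_RE = re.compile(r"DHCPREQUEST on \S+ to (\d+\.\d+\.\d+\.\d+) port 67")

def parse_leases(text):
    """Return one dict per lease block, in file order (the last one is newest)."""
    leases = []
    for body in LEASE_RE.findall(text):
        lease = {k: v.strip('"') for k, v in STMT_RE.findall(body)}
        for key in ("renew", "rebind", "expire"):
            if key in lease:  # "<weekday> YYYY/M/D HH:MM:SS"; weekday is dropped
                stamp = lease[key].split(None, 1)[1]
                lease[key] = datetime.strptime(stamp, "%Y/%m/%d %H:%M:%S")
        leases.append(lease)
    return leases

def timers_consistent(lease):
    """T1 < T2 < lease time, and the rebind/expire stamps agree with them."""
    total = int(lease["dhcp-lease-time"])
    t1 = int(lease.get("dhcp-renewal-time", total // 2))        # RFC 2131 default
    t2 = int(lease.get("dhcp-rebinding-time", total * 7 // 8))  # RFC 2131 default
    gap = (lease["expire"] - lease["rebind"]).total_seconds()
    return t1 < t2 < total and gap == total - t2

def unexpected_requests(log_lines, lease):
    """Logged DHCPREQUEST destinations other than broadcast or the lease's server."""
    allowed = {"255.255.255.255", lease["dhcp-server-identifier"]}
    hits = (REQ_RE.search(line) for line in log_lines)
    return [m.group(1) for m in hits if m and m.group(1) not in allowed]
```

A non-empty result from `unexpected_requests` means the client is talking to a DHCP server that its current lease does not name, which is worth checking before widening a firewall rule for ports 67:68.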
