*** From dhcp-server ***
Ted--

I've been very carefully observing the behavior of the server lately,
looking for my "killer packet," and have noticed something else that
presents an interesting situation. I hesitate to call it either a problem
or a bug, but I want to solicit your opinion about this....

I'm currently running a test server that has a very small dynamic address
pool (4 leases). For illustration, I'll refer to them by the last octet of
their IP address: 241, 242, 243, and 244. The server receives discovers
and replies with offers exactly as expected. In fact, because the clients
are requesting a different IP address than the four I have available to
offer to them (and so don't request the offered address), I've observed how
the server rather neatly cycles through its list of dynamic addresses:
first address 241 is offered, then 242, 243, and finally 244. As long as
the discover messages don't arrive in bursts more quickly than the 2 minute
lifetime of an offer, the server cycles back to address 241 for the next
discover message.

I was so impressed by how smoothly this worked that I ignored a very
interesting characteristic: because an offered address does not expire
until two minutes have passed, if the same client repeatedly sends discover
messages, the server blissfully offers a different IP address for each
discover message. So, two things come to mind: first, a crude but
effective denial of service attack can be mounted by a single workstation
against an entire subnet (and, presumably, shared network segment), and
second, the size of the dynamic address pool must be large enough to
accommodate bursts of discover messages from the same client in order to
prevent a transient "no free leases" condition.

While I'm pretty sure this was the intended behavior (judging by the code in
supersede_lease() that creates a hash table entry for a new or updated
lease) I wonder if it is the best strategy in this circumstance? It seems
to me that if during the offer period the uid or hw_addr hash was recorded,
then subsequent discover messages from the same client would be matched by
find_lease(), avoiding the offer of multiple leases for the same client.

What do you think?

--Barr
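
The behavior described in the message above, and the effect of the proposed change, can be modeled in a few lines. This is an added example, not part of the original message and not the server's code: the `OfferPool` class, `simulate` function, client identifiers and timings are constructed for illustration, and refreshing the offer timer on a repeated discover is an assumption.

```python
OFFER_LIFETIME = 120  # seconds: the 2 minute offer lifetime from the message

class OfferPool:
    """Toy model of a dynamic pool that holds offered addresses until expiry."""
    def __init__(self, addrs, record_client):
        self.addrs = list(addrs)
        self.record_client = record_client  # True = proposed behavior
        self.offers = {}   # addr -> (expiry time, client id)
        self.cursor = 0    # round-robin position, as observed in the message

    def discover(self, client, now):
        # Drop offers whose lifetime has passed.
        self.offers = {a: o for a, o in self.offers.items() if o[0] > now}
        if self.record_client:
            # Proposed: match the client against its outstanding offer first.
            held = [a for a, o in self.offers.items() if o[1] == client]
            if held:
                self.offers[held[0]] = (now + OFFER_LIFETIME, client)
                return held[0]
        # Otherwise offer the next address that has no outstanding offer.
        for step in range(len(self.addrs)):
            idx = (self.cursor + step) % len(self.addrs)
            addr = self.addrs[idx]
            if addr not in self.offers:
                self.offers[addr] = (now + OFFER_LIFETIME, client)
                self.cursor = (idx + 1) % len(self.addrs)
                return addr
        return None  # the "no free leases" condition

def simulate(record_client, repeats=5, interval=10):
    """One client repeats DISCOVER; then a second client asks once."""
    pool = OfferPool([241, 242, 243, 244], record_client)
    same = [pool.discover("client-A", i * interval) for i in range(repeats)]
    other = pool.discover("client-B", repeats * interval)
    return same, other

if __name__ == "__main__":
    print("observed behavior:", simulate(record_client=False))
    print("client recorded  :", simulate(record_client=True))
    print("slow discovers   :", simulate(False, interval=121))
```

With the client recorded at offer time, the repeating client keeps receiving 241 and the second client is still served; without it, the four-address pool is empty after four discovers inside the offer lifetime.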