On Sun, 2003-10-26 at 19:47, Chris I wrote:
> Hi.
>
> I, and many others at my school are having a problem with (at least)
> one person running a DHCP server on their laptops. People often get
> invalid addresses due to this and cannot (easily) access network
> resources. It's so far been fairly hard to track down this individual,
> so we can't disable the server.
>
> Short of trying harder to find him and kicking him in the shins, can
> anybody think of a way to block dhcp servers, or to specify which is
> allowed to be used. I've tried ip and mac filtering in iptables, but it
> doesn't seem to be effective.

The dhcp client stores the IP address of the server it received the IP
address from.

In Windows - do ipconfig /all and look for DHCP Server
In Linux - look in /etc/dhcpc for an *.info file for the interface, in
this file look for DHCPSID.

Hopefully the IP can lead you to your culprit. If the IP itself is not helpful, find out the MAC address associated with it and start checking to see where the MAC address is located (this will depend on your network gear).

Unfortunately I am not an admin, I'm a lowly student. The admins seem to think that it is a config issue on my end, and refuse to even look into it. Maybe I should stick gum in their hair or something suitably mature.

Since half the time I'm sure they are not even in the same room, and all the rooms seem to be connected by managed switches, they could at least try to minimize the effect.

As for just repeatedly running dhcpcd until I get a response from the proper server... that doesn't work. I had already tried that. The rogue servers are likely (a) much closer physically, and/or (b) probably sitting mostly idle as their users are writing code. The real dhcp server is likely also doing data storage or intranet stuff or something, or maybe even running the school's webct (shudder).

Running tcpdump, and tailing logs and such we have found mac addresses of two "rogue" dhcp servers, and have their mac addresses. Again, not being an admin, I can't block them from receiving a valid ip themselves (wish I could), and their ip is not terribly useful (in a whole different ip class).

I will try out james jone's firewall rules that he posted, and see if I have luck with that, and spread the info around. If not, I will have to try out dhclient, after doing some man-page reading (dhclient is on my debian box here).

--
Chris I
Perilous to all of us are the devices of an art deeper than we ourselves
possess.
-- Gandalf the Grey [J.R.R. Tolkien, "Lord of the Rings"]
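
An added example, not part of the original messages: the DHCP server address that clients record comes from option 54 (server identifier) in the server's reply, so captured replies can be checked against a list of expected servers, pairing each unexpected identifier with the Ethernet source MAC. The function names, the allowed address 10.0.0.1, and all sample addresses and MACs are constructed for illustration; input is assumed to be the UDP payload plus the frame's source MAC taken from a capture.

```python
import socket
import struct

MAGIC = b"\x63\x82\x53\x63"  # DHCP magic cookie at offset 236 (RFC 2131)
OFFER, ACK = 2, 5            # option 53 values that only servers send

def parse_dhcp(payload):
    """Return (msg_type, server_id, offered_ip) from a DHCP UDP payload, else None."""
    if len(payload) < 240 or payload[236:240] != MAGIC:
        return None
    offered_ip = socket.inet_ntoa(payload[16:20])  # yiaddr field
    msg_type = server_id = None
    i = 240
    while i + 1 < len(payload) and payload[i] != 255:  # 255 = end option
        if payload[i] == 0:                            # 0 = pad, no length byte
            i += 1
            continue
        code, length = payload[i], payload[i + 1]
        data = payload[i + 2:i + 2 + length]           # short slice if truncated
        if code == 53 and len(data) == 1:              # DHCP message type
            msg_type = data[0]
        elif code == 54 and len(data) == 4:            # server identifier
            server_id = socket.inet_ntoa(data)
        i += 2 + length
    return msg_type, server_id, offered_ip

def find_rogue(frames, allowed):
    """frames: (ethernet_src_mac, dhcp_payload) pairs. Returns unexpected servers."""
    rogue = set()
    for src_mac, payload in frames:
        msg_type, server_id, _ = parse_dhcp(payload) or (None, None, None)
        if msg_type in (OFFER, ACK) and server_id and server_id not in allowed:
            rogue.add((server_id, src_mac))
    return sorted(rogue)

def build_dhcp(msg_type, server_ip, your_ip):
    """Constructed sample packet: fixed header, cookie, options 53 and 54."""
    op = 1 if msg_type == 3 else 2                     # 1 = request, 2 = reply
    hdr = struct.pack("!BBBBIHH", op, 1, 6, 0, 0x1234, 0, 0)
    hdr += bytes(4) + socket.inet_aton(your_ip) + bytes(8 + 16 + 64 + 128)
    opts = bytes([53, 1, msg_type, 54, 4]) + socket.inet_aton(server_ip)
    return hdr + MAGIC + opts + b"\xff"

# Constructed sample data: addresses and MACs are illustrative, not from the thread.
SAMPLE = [
    ("00:00:5e:00:53:01", build_dhcp(OFFER, "10.0.0.1", "10.0.0.50")),
    ("00:00:5e:00:53:02", build_dhcp(OFFER, "192.168.0.1", "192.168.0.77")),
    ("00:00:5e:00:53:03", build_dhcp(3, "192.168.0.1", "0.0.0.0")),  # client REQUEST
]
print(find_rogue(SAMPLE, {"10.0.0.1"}))
```

Only OFFER and ACK messages are counted, so a client REQUEST that names a rogue server does not put the client's own MAC on the list.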
