Hello Kari,

I'm not sure about Kea, Kea hooks, or if someone is going to write a Kea hook for that, but there is no DHCP server that I know about that implements this out of the box. Actually, most or all effective solutions in network-originating layer 2 attacks are basically built on networking devices software and/or network monitoring software, or at the least: manual troubleshooting.

If your switching equipment has a feature to help, then use it. If not, you can set a network monitoring software that analyzes DHCP DISCOVER messages and alerts you if the rate from a specific MAC is abnormal, or the general rate on the network is abnormal. SolarWinds and PRTG come to mind.

--
MK

On Wed, Apr 17, 2019 at 2:56 PM Kari Karvonen <[email protected]> wrote:

> Hello
>
> If there is a faulty DHCP-client on a network that keeps requesting IPs
> and after receiving an IP-offer the client sends DHCPDECLINE and the DHCP-server
> marks the IP-address as declined for 24 hours. If the client keeps repeating
> this, address after address will be marked as declined and soon the entire
> DHCP-pool is exhausted.
>
> I looked at the Kea 1.5.0 user guide and found that it is possible to shorten
> the decline time
>
> "decline-probation-period": 3600
>
> But is there something else on the dhcp-server side to prevent this kind of
> behaviour?
>
> --
> Kari Karvonen
> Network specialist
> +358445557360
> www.kasenet.fi
> _______________________________________________
> Kea-users mailing list
> [email protected]
> https://lists.isc.org/mailman/listinfo/kea-users
>
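The rate check suggested in the reply above (per-MAC and network-wide), sketched as an added example that is not part of the thread and not Kea code. It also counts DHCPDECLINE per MAC, since that is the message exhausting the pool in the original question. The event tuple format, the thresholds and all names are assumptions; turning switch or server logs into these tuples is left out.

```python
from collections import defaultdict, deque

WINDOW_S = 60        # sliding window in seconds (assumed value)
PER_MAC_LIMIT = 5    # DISCOVERs or DECLINEs allowed per MAC per window (assumed)
NETWORK_LIMIT = 20   # DISCOVERs allowed from all clients per window (assumed)
WATCHED = ("DHCPDISCOVER", "DHCPDECLINE")

def _push(queue, ts, window):
    """Add ts, drop timestamps that fell out of the window, return the count."""
    queue.append(ts)
    while queue[0] <= ts - window:
        queue.popleft()
    return len(queue)

def find_abnormal(events, window=WINDOW_S, per_mac=PER_MAC_LIMIT,
                  network=NETWORK_LIMIT):
    """events: (epoch_seconds, mac, msg_type) tuples sorted by time.
    Returns (epoch_seconds, scope, msg_type) alerts, one per scope and type;
    scope is a MAC address or the string "network"."""
    per_key = defaultdict(deque)   # (mac, msg_type) -> timestamps in window
    all_discover = deque()         # DISCOVER timestamps from every client
    alerted, alerts = set(), []
    for ts, mac, msg in events:
        if msg not in WATCHED:
            continue
        mac = mac.lower()
        checks = [((mac, msg), _push(per_key[(mac, msg)], ts, window), per_mac)]
        if msg == "DHCPDISCOVER":
            checks.append((("network", msg),
                           _push(all_discover, ts, window), network))
        for key, count, limit in checks:
            if count > limit and key not in alerted:
                alerted.add(key)
                alerts.append((ts, key[0], msg))
    return alerts

def sample_events():
    """Constructed sample: one client looping DISCOVER/DECLINE, three normal ones."""
    bad = "02:00:00:00:00:01"
    events = []
    for i in range(10):
        events.append((1000 + 2 * i, bad, "DHCPDISCOVER"))
        events.append((1001 + 2 * i, bad, "DHCPDECLINE"))
    events += [(1003, "02:00:00:00:00:aa", "DHCPDISCOVER"),
               (1010, "02:00:00:00:00:ab", "DHCPDISCOVER"),
               (1015, "02:00:00:00:00:ac", "DHCPDISCOVER")]
    return sorted(events)
```

Each scope and message type alerts once, so a looping client produces two alerts rather than one per packet.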
