On 3/15/07, Chris GM <[EMAIL PROTECTED]> wrote:
Hi Guys,

Here's the scenario I encountered: in a Linux-driven network wherein the Linux box is the one used as gateway, firewall, proxy, DHCP. Switches are installed, cascaded, with port security enabled.

Once a rogue DHCP machine (those LAN extenders or network connectors, what have you) is plugged in to one of the ports, user machines are having a hard time getting DHCP requests from the Linux box; some get an IP from the rogue machines and some get one from the Linux server, and this causes "limited or no connectivity" errors.

The rogue machine is causing some DHCP flooding to the network. Now my question is, can it be prevented or cancelled out? Will an iptables firewall be able to stop it? Is there a way to automatically detect the flooding and stop it?

I know that just taking the device out of the network will stop it, but this is a sensitive network from the hospitality biz and you just can't confiscate devices from guests. So a preventive solution would be the best thing.

Thanks in advance,
Chris
Can your switch filter layer 3 packets? If so, try filtering UDP port 67 by allowing only the Ethernet port(s) where your DHCP server is attached.

Hth.
'Jopoy
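The switch-side filter above is the preventive control; the "automatically detect" part of the question can be handled on the Linux box itself, since the rogue server's replies are broadcast on the same segment and can be observed there (even though iptables on the gateway cannot drop traffic that never transits it). The following is an added example, not code from either poster: it parses raw Ethernet/IPv4/UDP/BOOTP frames, keeps only DHCPOFFER/DHCPACK replies sent from UDP port 67, and flags any whose source MAC is not the authorized server. The MAC and IP addresses are assumed placeholders, and the sample frames are constructed inline rather than captured; in practice you would feed it frames from a raw socket or a pcap on the LAN interface.

```python
"""Flag DHCP server replies (OFFER/ACK) that come from an unauthorized MAC.

Added example, not from the original thread. Addresses below are assumed
placeholders; the sample frames are constructed, not captured traffic.
"""
import struct

DHCP_OFFER, DHCP_ACK = 2, 5
MAGIC_COOKIE = b"\x63\x82\x53\x63"   # BOOTP vendor magic that precedes DHCP options


def mac_str(raw: bytes) -> str:
    return ":".join(f"{b:02x}" for b in raw)


def parse_dhcp_server_msg(frame: bytes):
    """Return (src_mac, src_ip, msg_type, server_id) for a DHCPOFFER/DHCPACK
    sent from UDP port 67, or None if the frame is anything else."""
    if len(frame) < 14 + 20 + 8 + 240:            # eth + min ip + udp + bootp
        return None
    _dst, src, ethertype = struct.unpack("!6s6sH", frame[:14])
    if ethertype != 0x0800:                        # IPv4 only
        return None
    ip = frame[14:]
    ihl = (ip[0] & 0x0F) * 4
    if ip[9] != 17:                                # UDP only
        return None
    src_ip = ".".join(str(b) for b in ip[12:16])
    udp = ip[ihl:]
    sport, _dport, _ulen = struct.unpack("!HHH", udp[:6])
    if sport != 67:                                # server-side port
        return None
    bootp = udp[8:]
    if len(bootp) < 240 or bootp[0] != 2 or bootp[236:240] != MAGIC_COOKIE:
        return None                                # not a BOOTREPLY with DHCP options
    msg_type = server_id = None
    i = 240                                        # walk the TLV option list
    while i < len(bootp):
        code = bootp[i]
        if code == 255:                            # end option
            break
        if code == 0:                              # pad option
            i += 1
            continue
        length = bootp[i + 1]
        value = bootp[i + 2:i + 2 + length]
        if code == 53 and length == 1:             # DHCP message type
            msg_type = value[0]
        elif code == 54 and length == 4:           # server identifier
            server_id = ".".join(str(b) for b in value)
        i += 2 + length
    if msg_type not in (DHCP_OFFER, DHCP_ACK):
        return None
    return mac_str(src), src_ip, msg_type, server_id


def find_rogue_dhcp_servers(frames, authorized_macs):
    """Return (src_mac, src_ip, server_id) for each reply from an unauthorized MAC."""
    rogue = []
    for frame in frames:
        parsed = parse_dhcp_server_msg(frame)
        if parsed is None:
            continue
        src_mac, src_ip, _msg_type, server_id = parsed
        if src_mac not in authorized_macs:
            rogue.append((src_mac, src_ip, server_id))
    return rogue


def build_dhcp_reply(src_mac: bytes, src_ip: str, msg_type: int, yiaddr: str) -> bytes:
    """Construct a minimal broadcast Ethernet/IPv4/UDP/BOOTP reply for testing.
    IP and UDP checksums are left zero; the parser does not verify them."""
    ip_bytes = bytes(int(o) for o in src_ip.split("."))
    yi_bytes = bytes(int(o) for o in yiaddr.split("."))
    options = MAGIC_COOKIE + bytes([53, 1, msg_type]) + bytes([54, 4]) + ip_bytes + b"\xff"
    bootp = struct.pack("!BBBBIHH4s4s4s4s16s64s128s",
                        2, 1, 6, 0, 0x1234, 0, 0,
                        b"\0" * 4, yi_bytes, ip_bytes, b"\0" * 4,
                        b"\0" * 16, b"\0" * 64, b"\0" * 128) + options
    udp = struct.pack("!HHHH", 67, 68, 8 + len(bootp), 0) + bootp
    ip_hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 0, 0, 64, 17, 0,
                         ip_bytes, b"\xff\xff\xff\xff")
    return b"\xff" * 6 + src_mac + b"\x08\x00" + ip_hdr + udp


# Assumed placeholder: MAC of the Linux gateway's LAN interface.
AUTHORIZED_SERVERS = {"00:11:22:33:44:55"}

# Constructed sample: one legitimate offer, then two replies from a rogue device.
SAMPLE_FRAMES = [
    build_dhcp_reply(bytes.fromhex("001122334455"), "192.168.1.1", DHCP_OFFER, "192.168.1.50"),
    build_dhcp_reply(bytes.fromhex("aabbccddeeff"), "10.0.0.1", DHCP_OFFER, "10.0.0.20"),
    build_dhcp_reply(bytes.fromhex("aabbccddeeff"), "10.0.0.1", DHCP_ACK, "10.0.0.20"),
]

if __name__ == "__main__":
    for mac, ip, sid in find_rogue_dhcp_servers(SAMPLE_FRAMES, AUTHORIZED_SERVERS):
        print(f"rogue DHCP server: mac={mac} ip={ip} server-id={sid}")
```

The check keys on the source MAC rather than the server identifier because a rogue device can put any address in option 54, while the MAC is what port security on the switch already tracks; pairing an alert from this script with the switch's MAC table tells you which physical port to shut.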
_________________________________________________
Philippine Linux Users' Group (PLUG) Mailing List
[email protected] (#PLUG @ irc.free.net.ph)
Read the Guidelines: http://linux.org.ph/lists
Searchable Archives: http://archives.free.net.ph