From owner-freebsd-questions Fri Apr 26 6:41: 2 2002 Delivered-To: freebsd-questions@freebsd.org Received: from infinity.aesredfish.net (ns1.aesredfish.net [65.168.0.12]) by hub.freebsd.org (Postfix) with ESMTP id 0827B37B400 for ; Fri, 26 Apr 2002 06:40:49 -0700 (PDT) Received: from potentialtech.com (mhope-dhcp-65-168-1-181.dashfast.com [65.168.1.181]) by infinity.aesredfish.net (8.11.6/8.11.0) with ESMTP id g3QDeWm26355; Fri, 26 Apr 2002 09:40:33 -0400 Message-ID: <3CC95A01.5000908@potentialtech.com> Date: Fri, 26 Apr 2002 09:45:37 -0400 From: Bill Moran Organization: Potential Technologies User-Agent: Mozilla/5.0 (X11; U; FreeBSD i386; en-US; rv:0.9.3) Gecko/20010914 X-Accept-Language: en-us MIME-Version: 1.0 To: gabriel_ambuehl@buz.ch Cc: questions@freebsd.org Subject: Re: dhclient going crazy... References: <1965488492.20020424150235@buz.ch> <3CC86D86.7060100@potentialtech.com> <158162746907.20020426104334@buz.ch> Content-Type: text/plain; charset=us-ascii; format=flowed Content-Transfer-Encoding: 7bit Sender: owner-freebsd-questions@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG Gabriel Ambuehl wrote: >>>this required, nice, uuh) as the ISP feels I've been running DoS >>>attacks >>>against its DHCP servers: >>> >>Sure sounds like bullsh*t to me > > I later had a call from one of the NOC guys who actually appeared to > know something about the whole issue and he didn't claim I was > running > DoS but thought that there might be a bug in the dhclient. Did you reboot the box? FreeBSD isn't very prone to binary corruption, but (theoretically) it's still possible. I wouldn't blame dhclient itself, though, as I've run it for years with no problems. If your dhclient is acting up you probably need to do buildworld again. >>From the looks of the arp messages >>below, it doesn't look like you're the one changing MAC addresses. > > Actually, there's a whole lot of those ARP changes for the GW, could > it be that dhclient went crazy about it? dhclient shouldn't have any reason to change MAC addresses. >>>one hour later, went on for about ten minuted and stopped, the >>>whole cycle was repeated for several hours from 17:00 to 23:XX. >>>What is happening here? And how can I prevent it from happening >>>again? >>> >>It really looks to me like your ISPs DHCP server is whacked. Maybe > > That's originally what I expected to be the reason too but the NOC > guy > told me that they're running with 60min leases. Yeah, but remember that you're running things in a sane manner, and if they (for some unknown reason) went wacko, you'd think that it must be the other guy as well. I have to admit, I've done it: systems run well for long periods of time and suddenly a client complains that things are broken and my first reaction is "what did you break" (because usually that's true) Then later I find that my systems are wacked out. Only difference is that I'll admit my mistake to the customer. >>it's giving out incredibly short lease times, requiring you to >>renew your lease often. Check /var/db/dhclient.leases to see what >>the >>DHCP server has been up to > > Can't do that now cause at the moment, it's working like it should, > i.e. no representative data there for me... Bummer. >>I'm making some guesses here, Gabe, because I've never seen >>anything like this before. >> > > Neither did I. The box in question has a somewhat doubtful internal > (dc0) interface that would generate watchdog alerts from time to time > since a few week but despite it was running for more than a year > without a single problem. I sure did upgrade it from time to time but > as STABLE really is stable for the very most part, I never ever > encountered any trouble while on it... Well, definately take a minute to email me if you ever figure it out. I'd be curious to know what's up. -- Bill Moran Potential Technology http://www.potentialtech.com To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message