Skip site navigation (1)Skip section navigation (2) 
Date:      Thu, 16 Jan 2003 16:36:05 +0100
From:      =?iso-8859-1?Q?Erik_Paulsen_Sk=E5lerud?= <erik@pentadon.com>
To:        <lewwid@telusplanet.net>, <FreeBSD-stable@freebsd.org>
Subject:   RE: Freebsd 4.7.2 DHCP Spamming
Message-ID:  <002f01c2bd74$fbec0440$0a00000a@lan.tekniker.no>
In-Reply-To: <2W5ZNJANISMB91VMJPMIG4XD83XPN71.3e25f76b@Jeff>
next in thread | previous in thread | raw e-mail | index | archive | help 

[-- Attachment #1 --]
One idea that springs my mind is that /var might be full when dhclient
tries to write the new lease.. I believe dhclient first ifconfig's the
device with the new settings, -then- write the information to
/var/db/dhclient.leases. If /var (or /var/db) is full at that moment, it
would probably just continue to require new IP's as it has no earlier
records.

You should really explain to your ISP that they need to get a better
system so users can't just request a new IP all the time. If they would
raise their lease-time it would probably get better.

Erik.

-----Original Message-----
From: owner-freebsd-stable@FreeBSD.ORG
[mailto:owner-freebsd-stable@FreeBSD.ORG] On Behalf Of lewwid
Sent: Thursday, January 16, 2003 1:06 AM
To: FreeBSD-stable@freebsd.org
Subject: Freebsd 4.7.2 DHCP Spamming


Has anyone heard of an issue where a freebsd box can rack up multiple
ips over the course
of ~2 days?  There should only be 1 ip address allocated to my box.

For some reason on Dec 2nd, Dec 30th, and Jan 14th my box decided to
keep requesting IPs, thus
racking up ~100 before they shut me off each time.  Why would they keep
permitting ip requests
above the 2 allowed ips?  

I'm running a GENERIC kernel, all source updated and installed from
cvsup3.freebsd.org.  Only ssh
listening.

They say that, either I'm doing it on purpose, I'm exploited, or there's
a problem with the dhclient.

I was monitoring the box using tcpdump + dhcpdump to watch the requests.
Unfortunately I rebooted after about
5 days (Jan 7th ish).  I thought the problem was resolved.  I asked them
for logs but they can't provide any.

Could they changed something near the end of November, or the start of
December as this problem has
not happened *ever* in 6 years before this. 

*** Somehow I'm supposed to solve this problem without logs.  Hopefully
someone has run into this
problem in the past and knows a solution.  It's to never happen again or

they will cancel my account.  

The only thing I could related to this is an acknowledgement from
Vancouver's Shaw guys
that there is a problem.  

http://www.dslreports.com/comment/1704/19357

Dropping DHCP leases
Actually about the dropping DHCP leases, which some of our customers are
seeing. We're still in the process of looking over the reason for their
occurence. For the majority of our customers, this never seems to be a
problem but for a certain select 
minority it seems that the lease can get dropped for various reasons.
The most prominent reason we could come up with was that it was some
sort of software or hardware configuration issue with the customers
computer, (either firewall blocking dhcp 
requests/acknowledgements or network cards that are not acting properly
when handling the dhcp packets). We're still in the process of
investigating the problem and a possible fix, but we do need help.
Anyone running Linux, we could really use logs on 
the authentication process that a computer goes through when getting the
dhcp lease. If anyone fits this category, send some mail to

van.help@shaw.ca 

with the logs, and ask for them to be forwarded to the tier2.5 team for
perusal, hopefully with this info, we can come to a solution for your
problem.


Thanks for your help guys!





To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-stable" in the body of the message


[-- Attachment #2 --]
0	*H
010	+0	*H
0|0o0
	*H
010	UZA10UWestern Cape10U	Cape Town10
U
Thawte10UCertificate Services1(0&UPersonal Freemail RSA 2000.8.300
021008193846Z
031008193846Z0C10UThawte Freemail Member1 0	*H
	erik@pentadon.com00
	*H
0@k0[G=TohI"[4zb)'OnM>З.dt$Rq}rz!BڸȧIlt-`B9=mХ"ӂ2
fՃ)
.0,0U0erik@pentadon.com0U00
	*H
DW6K}Ss#|@7Jbd&AeYnYULb
2Oiީ!snie';uL"HJPQy0R1	lQaC+y_-W\4;0-00
	*H
010	UZA10UWestern Cape10U	Cape Town10U
Thawte Consulting1(0&UCertification Services Division1$0"UThawte Personal Freemail CA1+0)	*H
	personal-freemail@thawte.com0
960101000000Z
201231235959Z010	UZA10UWestern Cape10U	Cape Town10U
Thawte Consulting1(0&UCertification Services Division1$0"UThawte Personal Freemail CA1+0)	*H
	personal-freemail@thawte.com00
	*H
0i԰d[qGQr^}-
{߅%u(t:B,c'{K~ݹΖdnD|Mq@8x^^v]nz|KU)&j8$jDZڣyZ00U00
	*H
~Ngb*M`o`Xa&R5\0JbB#dG)ߝ^l`q\ynG
(|_#&	sC%/uQkw080fErtcvE.0
	*H
010	UZA10UWestern Cape10U	Cape Town10U
Thawte Consulting1(0&UCertification Services Division1$0"UThawte Personal Freemail CA1+0)	*H
	personal-freemail@thawte.com0
000830000000Z
040827235959Z010	UZA10UWestern Cape10U	Cape Town10
U
Thawte10UCertificate Services1(0&UPersonal Freemail RSA 2000.8.3000
	*H
032c	%E>nx'gڈD)c5*mp<ܮto034qmOe
KaU5u'rװ|CBPQ<9TIf-	kiN0L0)U"0 010UPrivateLabel1-2970U00U0
	*H
1KG]qSl]y=&b""I'{9$
*8PUl
LGlX1B	li+@]jy.%݊
Z<D&iHΥbb1i0e0010	UZA10UWestern Cape10U	Cape Town10
U
Thawte10UCertificate Services1(0&UPersonal Freemail RSA 2000.8.30o0	+$0	*H
	1	*H
0	*H
	1
030116153602Z0#	*H
	1=E<AwMaAr~gfW0g	*H
	1Z0X0
*H
0+0*H
0
*H
@0+0
*H
(0
*H
0	+710010	UZA10UWestern Cape10U	Cape Town10
U
Thawte10UCertificate Services1(0&UPersonal Freemail RSA 2000.8.30o0*H
	1010	UZA10UWestern Cape10U	Cape Town10
U
Thawte10UCertificate Services1(0&UPersonal Freemail RSA 2000.8.30o0
	*H
ޙb+>s(ּntV!QSI@ld3Zq*jcٯn76QX
k2#:hi[6X}<_}@FN{p|peE;ȼQqTlT

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?002f01c2bd74$fbec0440$0a00000a>