Levi,
Consider this:
a) PC1 requests a lease. DHCP gives it.
b) PC2 requests a lease. DHCP gives it.
c) PC3 requests a lease. DHCP gives it.
d) ... and so on.
.... now, imagine that PC1, PC2, PC3... are all *the same PC* making
requests based on injected handcrafted packets. This way, the client PC
runs out the DHCP server IP address pooling.
I guess the only way to fight this is if the DHCP server checks who is
"alive" (from some of the already leased IP addresses, like FIFO) *BEFORE*
giving a new lease.
Pls, check if your DHCP server software allows this checking.
Regards,
rusga
PS: Depending on your network scenario, try setting a smaller lease time
to clients.
PSS: Some protocols are very "naive" and depend on "not so naive" software
developers.
On Fri, 1 Oct 2004 19:46:14 -0700, Levi
<(E-Mail Removed)> wrote:
> I'm really confused on this one... I have a DHCP scope
> that has approx 1000 total IPs in it. As of 2 days ago,
> it had about 500 leased out, less than 50 reserved, and
> 400 or so available. Yesterday, I noticed that 100% of
> all available IPs were leased out, and that almost all of
> the 400 that were leased (that were available the day
> before)were all leased at the EXACT same time. What's
> really weird about this is that they all had bunk MAC
> addresses (all had AT LEAST 15 chars and looked very
> similar, or were very similar). ALSO, when I looked at
> the scope in the IP management console, I noticed that
> the leases didn't have a real "name" associated with
> them... the "name" that the console used was the IP
> address. I pinged the first 10 of the questionable IPs
> that were leased, and got not reply. I'm curious if
> having a hub connected in this subnet could cause
> this... Any suggestions? Right now I'm clueless as to
> what to look for... Thanks!!!
|
Similar Threads
