 From:  "Bryan Brayton" <bryan at sonicburst dot net>
 To:  <m0n0wall at lists dot m0n0 dot ch>
 Subject:  RE: [m0n0wall] How to deny a client multiple dhcp addresses
 Date:  Sun, 29 Aug 2004 09:13:03 -0400
That might work.  I believe there is a setting in dhcpd.conf that will
also restrict dhcpd to 1 lease per client.  I guess I'll have to dig
further into that and hack my image to make it permanent.

A little background on this m0n0:  it is protecting/bandwidth limiting a
set of college dorms from the internet-at-large. Though given the types
of traffic found on the internal LAN, perhaps I should be protecting
everyone else from them!  Let's just say they put a hurting on the 10
Mbit pipe constantly, both up and down.

Anyway, what I think is going on here is that I have clients with 2
NICs, and Windows XP is set to bridge the 2, hence the client wants 2
addresses, but they appear to come from the same MAC. I'm not sure if
the bridging is intentional or not, but I have seen many XP laptops with
2 NICs that were bridged and I don't believe the users of these laptops
even knew what a bridge was. I saw a whitepaper somewhere on the
e2epi.internet2.edu site describing this exact problem, only the college
in that instance had so many bridged clients that they exhausted their
dhcp leases, causing quite a stir.

Just some info in case someone else runs into the same problem.

-Bryan

-----Original Message-----
From: Ping Kwong [mailto:kwongp at midtown dot net]
Sent: Sunday, August 29, 2004 2:20 AM
To: Bryan Brayton; m0n0wall at lists dot m0n0 dot ch
Subject: RE: [m0n0wall] How to deny a client multiple dhcp addresses

Although I haven't tried it, I would assume you should be able to
accomplish it by going to Services: DHCP and adding an entry for that
person's MAC address and forcing it an IP address based on that MAC.
Who is to say the person won't then spoof a MAC address and achieve the
same result?


-----Original Message-----
From: Bryan Brayton [mailto:bryan at sonicburst dot net]
Sent: Saturday, August 28, 2004 5:43 PM
To: m0n0wall at lists dot m0n0 dot ch
Subject: [m0n0wall] How to deny a client multiple dhcp addresses

Hello all,

I have a client pulling 2 dhcp addresses on the same mac address.  How
do I go about restricting the dhcp service to 1 address per mac?

Thanks,
Bryan
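
One way to spot the condition discussed in this thread, a single MAC address holding more than one active lease, before it exhausts the pool. This is an added example, not code from any poster; it assumes the ISC dhcpd lease-file format, and the sample records, `NOW` and `multi_lease_macs` are constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample records (not data from the thread). Each record is
# collapsed onto one line; the parser below does not depend on line breaks.
SAMPLE = """
lease 192.168.1.10 { ends 0 2004/08/29 14:00:00; binding state active; hardware ethernet 00:11:22:33:44:55; }
lease 192.168.1.11 { ends 0 2004/08/29 14:05:00; binding state active; hardware ethernet 00:11:22:33:44:55; }
lease 192.168.1.20 { ends 0 2004/08/29 14:00:00; binding state active; hardware ethernet 00:aa:bb:cc:dd:01; }
lease 192.168.1.21 { ends 0 2004/08/29 14:00:00; binding state active; hardware ethernet 00:aa:bb:cc:dd:01; }
lease 192.168.1.21 { ends 0 2004/08/29 12:30:00; binding state free; next binding state free; hardware ethernet 00:aa:bb:cc:dd:01; }
lease 192.168.1.30 { ends 0 2004/08/29 09:00:00; binding state active; hardware ethernet 00:aa:bb:cc:dd:02; }
lease 192.168.1.31 { ends 0 2004/08/29 14:00:00; binding state active; hardware ethernet 00:aa:bb:cc:dd:02; }
"""
NOW = datetime(2004, 8, 29, 13, 0, 0)  # constructed "current time", UTC like the file

LEASE_RE = re.compile(r"lease\s+(\S+)\s*\{(.*?)\}", re.S)
MAC_RE = re.compile(r"hardware ethernet\s+([0-9A-Fa-f:]+);")
ENDS_RE = re.compile(r"ends\s+\d\s+(\d{4}/\d\d/\d\d \d\d:\d\d:\d\d);")
# Anchor on the start of a statement so "next binding state" is not matched.
STATE_RE = re.compile(r"(?:^|;)\s*binding state\s+(\w+);")


def multi_lease_macs(text, now):
    """Return {mac: [ips]} for MACs holding more than one unexpired active lease."""
    latest = {}
    for ip, body in LEASE_RE.findall(text):
        latest[ip] = body  # the file is an append-only log: last record per IP wins
    by_mac = defaultdict(set)
    for ip, body in latest.items():
        mac, ends, state = (r.search(body) for r in (MAC_RE, ENDS_RE, STATE_RE))
        if not mac or (state and state.group(1) != "active"):
            continue
        # "ends never;" has no timestamp and is treated as unexpired.
        if ends and datetime.strptime(ends.group(1), "%Y/%m/%d %H:%M:%S") <= now:
            continue
        by_mac[mac.group(1).lower()].add(ip)
    return {m: sorted(ips) for m, ips in by_mac.items() if len(ips) > 1}


if __name__ == "__main__":
    for mac, ips in multi_lease_macs(SAMPLE, NOW).items():
        print(mac, "holds", len(ips), "active leases:", ", ".join(ips))
```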







