Linux - NetworkingThis forum is for any issue related to networks or networking.
Routing, network cards, OSI, etc. Anything is fair game.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
I administered a LAN at my office. Some of the PCs are configured to get IP address from a DHCP server. I noticed that there's another PC in the LAN acting as a DHCP server by giving false network information e.g IP,netmask,gateway and DNS. This makes the PC cannot connect to the internet. By not searching for the *false* DHCP server and shut the service, is it possible to set priority which DHCP server should be giving network info for the LAN? or any other way.
You probably should locate that computer and shut down that service, or isolate it if you can. Seems to me a rogue DHCP server, could be very dangerous. For example, setting the gateway IP to a man-in-the-middle gateway to intercept all outgoing traffic before sending it off to the real gateway.
It seems out of control to control lots of PCs in a LAN. Some PCs may have dhcpd up and running. I read there's authoritative options that we can use in dhcpd.conf. How effective the option is?
If it's anything like DNS, authoritative settings only make DHCP servers dependent on each other (for updating their info - ie the IP addresses in use).
However, think about what would happen if your authoritative DHCP server is temporarily unavailable.
Since DHCP basically works via broadcasts, your PCs will most likely end up contacting the -potentially malicious- false DHCP server.
So, I agree with jschiwal and the others. The rogue DHCP server must be blocked from sending/receiving DHCP messages (blocking broadcasting may do the trick) and/or have it's DHCP service terminated.
Quote:
It seems out of control to control lots of PCs in a LAN.
That seems an poor excuse to me. If you're administering the LAN, you'll HAVE to lay down the law.
The administrator must be the boss of his/her own LAN.
Think about all the complaints from other users if you don't shut down the rogue server, for instance...
A hint: firewalls are not only used to keep out unwanted intruders. They are also useful to prevent malicious users on a LAN from doing harm to other users.
So, I agree with jschiwal and the others. The rogue DHCP server must be blocked from sending/receiving DHCP messages (blocking broadcasting may do the trick) and/or have it's DHCP service terminated.
How do i block the broadcasting from the rogue server(s)?
oo. it's ok. let's discuss the matter. I have read in other thread that Windows clients are too picky in searching DHCP server. Meaning that it will get the IP from the one that can respond faster. If there's another DHCP server in a LAN nearer, it will definitely get from that one first.
I believe that's not only true for Windows DHCP clients.
Basically, DHCP works like this:
* clients don't know their own IP address nor that of the DHCP server,
so they issue a network wide broadcasted DHCP request
* broadcast is received by all DHCP servers
* all servers respond
* clients "picks" a server (usually the fastest/nearest one, since it's reply is simply
received first)
* client then finalize the DHCP request by contacting the picked server.
* all other servers don't get a reply, probably time out or something and then say that the
IP address they proposed to the client is once again "open" for all DHCP clients to claim.
That seems logical, no?
Most clients will use the first DHCP answer they get, so the "pickyness" you described is probably the
standard client behaviour.
If you know the IP of the rogue server, you can probably block
some or all network traffic to it, but this may not necessarily work for the broadcasts.
However, the client does send an "acknowledgement" to the server, so that the server knows that the IP
it has suggested is now occupied by the client who sent the broadcast (ie the server knows it has been "picked"). Maybe you could block such acknowledgement messages. They aren't IP broadcasts, of course.
Then again, if you know the server's IP address, you could also locate it and make sure the DHCP service is shut down.
yes. I know the server's IP address but I am thinking of ways to prevent this automatically even without clients reconfiguration if that's possible/permissible.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.