LinuxQuestions.org
LinuxAnswers - the LQ Linux tutorial section.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Networking
User Name
Password
Linux - Networking This forum is for any issue related to networks or networking.
Routing, network cards, OSI, etc. Anything is fair game.

Notices

Reply
 
Search this Thread
Old 07-24-2004, 11:42 PM   #1
paul_m_d
Member
 
Registered: Dec 2003
Location: Canada
Posts: 47

Rep: Reputation: 15
Technical Q: How can I renew DHCP lease with different IP?


Here's the situation in a nutshell: I have Mandrake 9.2 running on one machine with all non-critical services (httpd, sshd, ftp, etc.) stopped. Whenever I plug in the network connection, I immediately get a ton of network traffic on that machine. Lots of frantic blinking on the hub and the cable modem. This is annoying, and what's more, my cable company called because they think a machine at my house is sending spam.

I suspect that another machine (likely with the same ISP), like a hacked Windows box, is sending spam and spoofing my IP address somehow. I have cable Internet access, and I'd like to know if there's some simple way of releasing my IP address (obtained through DHCP) and getting a different address. This machine has had the same IP address ever since I installed Mandrake in February.

I tried erasing the dhclient.leases file, but my machine grabbed the same old address anyway when I plugged the network cable back in. I'm really quite a newbie, could someone tell me how to get a different IP address?
 
Old 07-25-2004, 12:27 AM   #2
adz
Senior Member
 
Registered: Jun 2003
Location: Sydney
Distribution: Debian, FreeBSD
Posts: 1,713

Rep: Reputation: 53
That's more up to the DHCP server than the client. Is this a dynamically assigned address from your ISP? If so you'll have to call them to get a new one. If this is the situation then I don't think it's someone else spoofing your IP since if that were the case you'd probably not get so much traffic (only a guess, though).

A good thing to do would be to port scan your network from the outside. If you can remotely log into a box somewhere else (not on your home network) and port scan yourself you'll be able to see if any strange ports are open. Another question: Is your cable connection slower than it should be?
 
Old 07-25-2004, 12:42 AM   #3
Archite
Member
 
Registered: Jul 2004
Distribution: OpenBSD 3.5
Posts: 89

Rep: Reputation: 15
simple fix... get a new network card. The isp is most likely caching the lease based on your mac address. This means unless you change your mac address, you won't get a new ip address...
 
Old 07-25-2004, 12:53 AM   #4
SBing
Member
 
Registered: Mar 2004
Posts: 519

Rep: Reputation: 35
Yes, a different ethernet card would do it, unless you have to register your mac address with them (the PC's mac address, not the cable modems - that never changes), I doubt you have to do that.

With my netgear router, (which supports mac address spoofing), I can simply click 'renew' and I'll recieve a new IP address from NTL's DHCP server. I assume what it does is, Release, change mac address, Renew.

What I would do in your situation if I didn't have the router and wanted to force a new IP address is:

1) Power down the cable modem
2) Disconnect the cable modem and reconnect to another computer, probably a friends laptop in my case
3) Power up the modem, connect to the internet, check my e-mail then repeat the process again, this time with my main machine.

Nobody can garuntee you'll get a new IP address, but at least where I live, it's the same IP until I request a new one :)
 
Old 07-25-2004, 01:03 AM   #5
adz
Senior Member
 
Registered: Jun 2003
Location: Sydney
Distribution: Debian, FreeBSD
Posts: 1,713

Rep: Reputation: 53
Quote:
Nobody can garuntee you'll get a new IP address, but at least where I live, it's the same IP until I request a new one :)
The ISP can. Just call them. Oh and some ISPs wont let you just change MAC addresses without telling them as a security precaution.

Last edited by adz; 07-25-2004 at 01:16 AM.
 
Old 07-25-2004, 02:33 AM   #6
paul_m_d
Member
 
Registered: Dec 2003
Location: Canada
Posts: 47

Original Poster
Rep: Reputation: 15
Thanks for the help so far.

With my cable service, IPs are just assigned whenever you plug a computer in, I've had dozens of different machines on my network over the years. So registering MAC addresses isn't an issue.

I've heard with Linux, you can change your card's MAC address. That might do the trick, anyone know how?

adz: I don't know how to do the stuff you suggested (log into another machine, scan my ports). Like I said, I'm a newbie. But I can't find anything malicious on my computer (it's Linux for gosh sakes) so I assume *something* is causing traffic to flood my IP address.
 
Old 07-25-2004, 02:51 AM   #7
Pete M
Member
 
Registered: Aug 2003
Location: UK
Distribution: Redhat 9 FC 3 SUSE 9.2 SUSE 9.3 Gentoo 2005.0 Debian Sid
Posts: 657

Rep: Reputation: 30
paul_m_d

If you want to perform a ports scan try these sites, on the second one look halfway down the page for ShieldsUP

http://www.dslreports.com/scan

http://www.grc.com/default.htm

For MAC address spoofing go here

http://whoozoo.co.uk/mac-spoof-linux.htm

Do you run a mail server ? if so go here to check that you are not an open relay for spam

http://www.abuse.net/relay.html

Pete
 
Old 07-25-2004, 02:58 AM   #8
adz
Senior Member
 
Registered: Jun 2003
Location: Sydney
Distribution: Debian, FreeBSD
Posts: 1,713

Rep: Reputation: 53
Quote:
With my cable service, IPs are just assigned whenever you plug a computer in, I've had dozens of
Are you sure it's your ISP assigning the IPs and not your modem? Can you do an ifconfig and post the result?

Quote:
adz: I don't know how to do the stuff you suggested (log into another machine, scan my ports). Like I said, I'm a newbie. But I can't find anything malicious on my computer (it's Linux for gosh sakes) so I assume *something* is causing traffic to flood my IP address.
Well you can just do an nmap <your public IP address>. This is not quite as good as doing it from a remote computer but it will probably do. Note that your public IP will not be in the form 192.168.xxx.xxx or 10.xxx.xxx.xxx. Just because it's linux doesn't mean that it's invulnerable. I'm not saying you've been compromised but it does happen.

Last edited by adz; 07-25-2004 at 03:00 AM.
 
Old 07-25-2004, 03:16 AM   #9
paul_m_d
Member
 
Registered: Dec 2003
Location: Canada
Posts: 47

Original Poster
Rep: Reputation: 15
Thanks for the links, Pete. The port scan found nothing suspicious. I don't run a mail server. And oddly enough, the MAC spoofing command said "resource busy" even though I took eth0 down first.

adz, I'm typing from my Mac and not my Linux box, so I have to type this in, but the first part of the ifconfig results is (inserting XXs for privacy):

Code:
eth0
Link encap:Ethernet  HWaddr 00:48:54:65:CD:XX
inet addr: 24.70.69.XX  Bcast: 255.255.255.255  Mask:255.255.252.0
UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
etc. etc. and then there's some similar information for device "lo".

nmap: "command not found"

Still not sure what to do. I'd really like to know if it's the machine or the IP address. I guess I could boot Knoppix.
 
Old 07-25-2004, 04:47 AM   #10
adz
Senior Member
 
Registered: Jun 2003
Location: Sydney
Distribution: Debian, FreeBSD
Posts: 1,713

Rep: Reputation: 53
So what you're saying is each computer on your home network gets assigned an IP by your ISP? That's bizarre. Or is the linux box your gateway? Iguess what I'm saying is how is you network hooked up?

Last edited by adz; 07-25-2004 at 04:51 AM.
 
Old 07-25-2004, 05:06 PM   #11
paul_m_d
Member
 
Registered: Dec 2003
Location: Canada
Posts: 47

Original Poster
Rep: Reputation: 15
adz: my setup is: cable modem -> network hub -> various computers

As soon as a computer is connected to the hub, it gets a DHCP lease from the ISP. No need to register MAC addresses or anything. That's quite normal here in Canada; if my ISP was picky enough to register MACs, I'd find a different ISP.

Right now, I have a Linux box for file storage/backup and an iMac for "real work". My parents also have an XP machine on the network.
 
Old 07-25-2004, 05:20 PM   #12
Pete M
Member
 
Registered: Aug 2003
Location: UK
Distribution: Redhat 9 FC 3 SUSE 9.2 SUSE 9.3 Gentoo 2005.0 Debian Sid
Posts: 657

Rep: Reputation: 30
paul_m_d

This is avery biased observation cus I don't do Windows but could'nt the XP machine be causing the problems via some sort of worm or trojan

Pete
 
Old 07-25-2004, 05:41 PM   #13
Archite
Member
 
Registered: Jul 2004
Distribution: OpenBSD 3.5
Posts: 89

Rep: Reputation: 15
If you're using hub, then each computer connected would receive it's own ip from the isp. I would check and see which ip was causing the problem and then check the security settings on the machine. Another solution is to by a router of some sort which would allow you to control the mac address as well as firewall. When setting up the firewall, you might consider blocking certain port going out as well so that if one of your computers is tacken over, it is limited as to what it can do. As for the mac adress registering, it is not so much that the mac address is registered as it is that the dhcp server of your isp knows that your mac address was given a certain ip so when it sees your mac address again, it give you the same ip address. This will continue until the lease runs out. At that time, if you are connected, it will renew the lease, other wise it will relinquish the ip address to another computer. L8rz.
 
Old 07-25-2004, 09:08 PM   #14
adz
Senior Member
 
Registered: Jun 2003
Location: Sydney
Distribution: Debian, FreeBSD
Posts: 1,713

Rep: Reputation: 53
Quote:
As soon as a computer is connected to the hub, it gets a DHCP lease from the ISP.
I just don't understand how your ISP can keep doing that. That's a very inefficient use of IPs. What's done in Australia (and - until now - I assumed done everywhere else) is IP masquerading. That way you only have one public IP and as many private ones as you want and no one ever has to worry about running out of IPs.

As to your actual problem of network traffic, could you run your Mandrake box and then run netstat and ps aux (and post them here) and see if there are any strange processes running. Hopefully, something wierd will show up to give us a clue.

Last edited by adz; 07-25-2004 at 09:15 PM.
 
Old 07-25-2004, 10:52 PM   #15
Archite
Member
 
Registered: Jul 2004
Distribution: OpenBSD 3.5
Posts: 89

Rep: Reputation: 15
Are you using a router or a cable modem/router adz? If so, then that's how you're "masquerading." Another term might be Network Address Translation. If you do not have one, the you are dependant up the ISP's DHCP server. I use Comcast as my ISP here in America, adz, and if I hook up a hub to my modem in lieu of my router, then I can grab as many IP's as I have computers. Maybe it's different with the ISP in question but I assume that it's the same.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
DHCP doesnt renew lease on hotplug sm1else Linux - Wireless Networking 2 04-05-2005 03:10 AM
how do I renew a dhcp client lease? susefan Linux - Networking 2 03-07-2005 11:49 AM
dhclient lease renew ozplanit Linux - Networking 1 08-14-2004 02:49 AM
DHCP won't renew lease without reset of router! amped Linux - Networking 9 03-23-2004 10:37 PM
DHCP client fails to renew lease NiPNi Linux - Networking 2 04-06-2002 06:01 PM


All times are GMT -5. The time now is 04:56 AM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration