Technical Q: How can I renew DHCP lease with different IP?
Here's the situation in a nutshell: I have Mandrake 9.2 running on one machine with all non-critical services (httpd, sshd, ftp, etc.) stopped. Whenever I plug in the network connection, I immediately get a ton of network traffic on that machine. Lots of frantic blinking on the hub and the cable modem. This is annoying, and what's more, my cable company called because they think a machine at my house is sending spam.
I suspect that another machine (likely with the same ISP), like a hacked Windows box, is sending spam and spoofing my IP address somehow. I have cable Internet access, and I'd like to know if there's some simple way of releasing my IP address (obtained through DHCP) and getting a different address. This machine has had the same IP address ever since I installed Mandrake in February. I tried erasing the dhclient.leases file, but my machine grabbed the same old address anyway when I plugged the network cable back in. I'm really quite a newbie, could someone tell me how to get a different IP address? |
That's more up to the DHCP server than the client. Is this a dynamically assigned address from your ISP? If so you'll have to call them to get a new one. If this is the situation then I don't think it's someone else spoofing your IP since if that were the case you'd probably not get so much traffic (only a guess, though).
A good thing to do would be to port scan your network from the outside. If you can remotely log into a box somewhere else (not on your home network) and port scan yourself you'll be able to see if any strange ports are open. Another question: Is your cable connection slower than it should be? |
Simple fix... get a new network card. The ISP is most likely caching the lease based on your MAC address. This means unless you change your MAC address, you won't get a new IP address...
|
Yes, a different Ethernet card would do it, unless you have to register your MAC address with them (the PC's MAC address, not the cable modem's - that never changes); I doubt you have to do that.
With my Netgear router (which supports MAC address spoofing), I can simply click 'renew' and I'll receive a new IP address from NTL's DHCP server. I assume what it does is: release, change MAC address, renew. What I would do in your situation if I didn't have the router and wanted to force a new IP address is:
1) Power down the cable modem
2) Disconnect the cable modem and reconnect to another computer, probably a friend's laptop in my case
3) Power up the modem, connect to the internet, check my e-mail
then repeat the process again, this time with my main machine. Nobody can guarantee you'll get a new IP address, but at least where I live, it's the same IP until I request a new one :) |
Thanks for the help so far.
With my cable service, IPs are just assigned whenever you plug a computer in, I've had dozens of different machines on my network over the years. So registering MAC addresses isn't an issue. I've heard with Linux, you can change your card's MAC address. That might do the trick, anyone know how? adz: I don't know how to do the stuff you suggested (log into another machine, scan my ports). Like I said, I'm a newbie. :) But I can't find anything malicious on my computer (it's Linux for gosh sakes) so I assume *something* is causing traffic to flood my IP address. |
paul_m_d
If you want to perform a port scan, try these sites; on the second one look halfway down the page for ShieldsUP:
http://www.dslreports.com/scan
http://www.grc.com/default.htm
For MAC address spoofing go here:
http://whoozoo.co.uk/mac-spoof-linux.htm
Do you run a mail server? If so, go here to check that you are not an open relay for spam:
http://www.abuse.net/relay.html
Pete |
Thanks for the links, Pete. The port scan found nothing suspicious. I don't run a mail server. And oddly enough, the MAC spoofing command said "resource busy" even though I took eth0 down first.
adz, I'm typing from my Mac and not my Linux box, so I have to type this in, but the first part of the ifconfig results is (inserting XXs for privacy): Code:
eth0
nmap: "command not found"
Still not sure what to do. I'd really like to know if it's the machine or the IP address. I guess I could boot Knoppix. |
So what you're saying is each computer on your home network gets assigned an IP by your ISP? That's bizarre. Or is the Linux box your gateway? I guess what I'm saying is, how is your network hooked up?
|
adz: my setup is: cable modem -> network hub -> various computers
As soon as a computer is connected to the hub, it gets a DHCP lease from the ISP. No need to register MAC addresses or anything. That's quite normal here in Canada; if my ISP was picky enough to register MACs, I'd find a different ISP. Right now, I have a Linux box for file storage/backup and an iMac for "real work". My parents also have an XP machine on the network. |
paul_m_d
This is a very biased observation cus I don't do Windows, but couldn't the XP machine be causing the problems via some sort of worm or trojan? Pete |
If you're using a hub, then each computer connected would receive its own IP from the ISP. I would check and see which IP was causing the problem and then check the security settings on the machine. Another solution is to buy a router of some sort which would allow you to control the MAC address as well as firewall. When setting up the firewall, you might consider blocking certain ports going out as well so that if one of your computers is taken over, it is limited as to what it can do. As for the MAC address registering, it is not so much that the MAC address is registered as it is that the DHCP server of your ISP knows that your MAC address was given a certain IP, so when it sees your MAC address again, it gives you the same IP address. This will continue until the lease runs out. At that time, if you are connected, it will renew the lease; otherwise it will relinquish the IP address to another computer. L8rz.
|
As to your actual problem of network traffic, could you run your Mandrake box and then run netstat and ps aux (and post them here) and see if there are any strange processes running. Hopefully, something weird will show up to give us a clue. |
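One way to read the netstat output requested above with the ISP's spam complaint in mind, as an added example that is not part of the original thread: on a machine that runs no mail server, connections to remote port 25 are the thing to look for. The function names, the threshold of 2 peers and the sample lines (documentation addresses) are assumptions made for this example.

```shell
#!/bin/sh
# Added example: flag outbound SMTP connections in `netstat -tn` output.
# Real use (hypothetical invocation):  netstat -tn | smtp_verdict 2

# Constructed sample in the layout printed by net-tools `netstat -tn`.
sample_netstat() {
cat <<'EOF'
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 192.0.2.10:32801        198.51.100.7:25         ESTABLISHED
tcp        0      1 192.0.2.10:32802        198.51.100.8:25         SYN_SENT
tcp        0      0 192.0.2.10:32803        203.0.113.5:25          ESTABLISHED
tcp        0      0 192.0.2.10:22           192.0.2.20:51515        ESTABLISHED
tcp        0      0 192.0.2.10:32790        203.0.113.9:80          TIME_WAIT
tcp        0      0 192.0.2.10:25           203.0.113.77:40000      ESTABLISHED
EOF
}

# Print "<remote ip> <connections>" for every remote host this machine is
# connecting to on port 25. A local port of 25 (someone connecting to a
# mail server here) is deliberately not counted as outbound.
smtp_peers() {
    awk '$1 ~ /^tcp/ && ($6 == "ESTABLISHED" || $6 == "SYN_SENT") {
             n = split($5, part, ":")          # last field is the port
             if (part[n] == "25") {
                 sub(/:25$/, "", $5)           # keep only the address
                 peers[$5]++
             }
         }
         END { for (p in peers) print p, peers[p] }' | sort
}

# Number of distinct remote mail servers being contacted.
smtp_peer_count() {
    smtp_peers | wc -l | tr -d ' '
}

# "SUSPECT <n>" when at least <threshold> distinct mail servers are being
# contacted, otherwise "OK <n>". Threshold defaults to 2 (an assumption).
smtp_verdict() {
    threshold=${1:-2}
    count=$(smtp_peer_count)
    if [ "$count" -ge "$threshold" ]; then
        echo "SUSPECT $count"
    else
        echo "OK $count"
    fi
}
```

A desktop mail client talks to one or two known servers; many distinct port-25 peers on a box with no mail software points at the machine itself rather than at the IP address.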
Are you using a router or a cable modem/router, adz? If so, then that's how you're "masquerading." Another term might be Network Address Translation. If you do not have one, then you are dependent upon the ISP's DHCP server. I use Comcast as my ISP here in America, adz, and if I hook up a hub to my modem in lieu of my router, then I can grab as many IPs as I have computers. Maybe it's different with the ISP in question but I assume that it's the same.
|