Linux - Networking This forum is for any issue related to networks or networking.
Routing, network cards, OSI, etc. Anything is fair game. |
Notices |
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
Are you new to LinuxQuestions.org? Visit the following links:
Site Howto |
Site FAQ |
Sitemap |
Register Now
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
|
|
|
07-24-2004, 11:42 PM
|
#1
|
Member
Registered: Dec 2003
Location: Canada
Posts: 47
Rep:
|
Technical Q: How can I renew DHCP lease with different IP?
Here's the situation in a nutshell: I have Mandrake 9.2 running on one machine with all non-critical services (httpd, sshd, ftp, etc.) stopped. Whenever I plug in the network connection, I immediately get a ton of network traffic on that machine. Lots of frantic blinking on the hub and the cable modem. This is annoying, and what's more, my cable company called because they think a machine at my house is sending spam.
I suspect that another machine (likely with the same ISP), like a hacked Windows box, is sending spam and spoofing my IP address somehow. I have cable Internet access, and I'd like to know if there's some simple way of releasing my IP address (obtained through DHCP) and getting a different address. This machine has had the same IP address ever since I installed Mandrake in February.
I tried erasing the dhclient.leases file, but my machine grabbed the same old address anyway when I plugged the network cable back in. I'm really quite a newbie, could someone tell me how to get a different IP address?
|
|
|
07-25-2004, 12:27 AM
|
#2
|
Senior Member
Registered: Jun 2003
Location: Sydney
Distribution: Debian, FreeBSD
Posts: 1,713
Rep:
|
That's more up to the DHCP server than the client. Is this a dynamically assigned address from your ISP? If so you'll have to call them to get a new one. If this is the situation then I don't think it's someone else spoofing your IP since if that were the case you'd probably not get so much traffic (only a guess, though).
A good thing to do would be to port scan your network from the outside. If you can remotely log into a box somewhere else (not on your home network) and port scan yourself you'll be able to see if any strange ports are open. Another question: Is your cable connection slower than it should be?
|
|
|
07-25-2004, 12:42 AM
|
#3
|
Member
Registered: Jul 2004
Distribution: OpenBSD 3.5
Posts: 89
Rep:
|
simple fix... get a new network card. The isp is most likely caching the lease based on your mac address. This means unless you change your mac address, you won't get a new ip address...
|
|
|
07-25-2004, 12:53 AM
|
#4
|
Member
Registered: Mar 2004
Posts: 519
Rep:
|
Yes, a different ethernet card would do it, unless you have to register your mac address with them (the PC's mac address, not the cable modems - that never changes), I doubt you have to do that.
With my netgear router, (which supports mac address spoofing), I can simply click 'renew' and I'll recieve a new IP address from NTL's DHCP server. I assume what it does is, Release, change mac address, Renew.
What I would do in your situation if I didn't have the router and wanted to force a new IP address is:
1) Power down the cable modem
2) Disconnect the cable modem and reconnect to another computer, probably a friends laptop in my case
3) Power up the modem, connect to the internet, check my e-mail then repeat the process again, this time with my main machine.
Nobody can garuntee you'll get a new IP address, but at least where I live, it's the same IP until I request a new one :)
|
|
|
07-25-2004, 01:03 AM
|
#5
|
Senior Member
Registered: Jun 2003
Location: Sydney
Distribution: Debian, FreeBSD
Posts: 1,713
Rep:
|
Quote:
Nobody can garuntee you'll get a new IP address, but at least where I live, it's the same IP until I request a new one :)
|
The ISP can. Just call them. Oh and some ISPs wont let you just change MAC addresses without telling them as a security precaution.
Last edited by adz; 07-25-2004 at 01:16 AM.
|
|
|
07-25-2004, 02:33 AM
|
#6
|
Member
Registered: Dec 2003
Location: Canada
Posts: 47
Original Poster
Rep:
|
Thanks for the help so far.
With my cable service, IPs are just assigned whenever you plug a computer in, I've had dozens of different machines on my network over the years. So registering MAC addresses isn't an issue.
I've heard with Linux, you can change your card's MAC address. That might do the trick, anyone know how?
adz: I don't know how to do the stuff you suggested (log into another machine, scan my ports). Like I said, I'm a newbie. But I can't find anything malicious on my computer (it's Linux for gosh sakes) so I assume *something* is causing traffic to flood my IP address.
|
|
|
07-25-2004, 02:58 AM
|
#8
|
Senior Member
Registered: Jun 2003
Location: Sydney
Distribution: Debian, FreeBSD
Posts: 1,713
Rep:
|
Quote:
With my cable service, IPs are just assigned whenever you plug a computer in, I've had dozens of
|
Are you sure it's your ISP assigning the IPs and not your modem? Can you do an ifconfig and post the result?
Quote:
adz: I don't know how to do the stuff you suggested (log into another machine, scan my ports). Like I said, I'm a newbie. But I can't find anything malicious on my computer (it's Linux for gosh sakes) so I assume *something* is causing traffic to flood my IP address.
|
Well you can just do an nmap <your public IP address>. This is not quite as good as doing it from a remote computer but it will probably do. Note that your public IP will not be in the form 192.168.xxx.xxx or 10.xxx.xxx.xxx. Just because it's linux doesn't mean that it's invulnerable. I'm not saying you've been compromised but it does happen.
Last edited by adz; 07-25-2004 at 03:00 AM.
|
|
|
07-25-2004, 03:16 AM
|
#9
|
Member
Registered: Dec 2003
Location: Canada
Posts: 47
Original Poster
Rep:
|
Thanks for the links, Pete. The port scan found nothing suspicious. I don't run a mail server. And oddly enough, the MAC spoofing command said "resource busy" even though I took eth0 down first.
adz, I'm typing from my Mac and not my Linux box, so I have to type this in, but the first part of the ifconfig results is (inserting XXs for privacy):
Code:
eth0
Link encap:Ethernet HWaddr 00:48:54:65:CD:XX
inet addr: 24.70.69.XX Bcast: 255.255.255.255 Mask:255.255.252.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
etc. etc. and then there's some similar information for device "lo".
nmap: "command not found"
Still not sure what to do. I'd really like to know if it's the machine or the IP address. I guess I could boot Knoppix.
|
|
|
07-25-2004, 04:47 AM
|
#10
|
Senior Member
Registered: Jun 2003
Location: Sydney
Distribution: Debian, FreeBSD
Posts: 1,713
Rep:
|
So what you're saying is each computer on your home network gets assigned an IP by your ISP? That's bizarre. Or is the linux box your gateway? Iguess what I'm saying is how is you network hooked up?
Last edited by adz; 07-25-2004 at 04:51 AM.
|
|
|
07-25-2004, 05:06 PM
|
#11
|
Member
Registered: Dec 2003
Location: Canada
Posts: 47
Original Poster
Rep:
|
adz: my setup is: cable modem -> network hub -> various computers
As soon as a computer is connected to the hub, it gets a DHCP lease from the ISP. No need to register MAC addresses or anything. That's quite normal here in Canada; if my ISP was picky enough to register MACs, I'd find a different ISP.
Right now, I have a Linux box for file storage/backup and an iMac for "real work". My parents also have an XP machine on the network.
|
|
|
07-25-2004, 05:20 PM
|
#12
|
Member
Registered: Aug 2003
Location: UK
Distribution: Redhat 9 FC 3 SUSE 9.2 SUSE 9.3 Gentoo 2005.0 Debian Sid
Posts: 657
Rep:
|
paul_m_d
This is avery biased observation cus I don't do Windows but could'nt the XP machine be causing the problems via some sort of worm or trojan
Pete
|
|
|
07-25-2004, 05:41 PM
|
#13
|
Member
Registered: Jul 2004
Distribution: OpenBSD 3.5
Posts: 89
Rep:
|
If you're using hub, then each computer connected would receive it's own ip from the isp. I would check and see which ip was causing the problem and then check the security settings on the machine. Another solution is to by a router of some sort which would allow you to control the mac address as well as firewall. When setting up the firewall, you might consider blocking certain port going out as well so that if one of your computers is tacken over, it is limited as to what it can do. As for the mac adress registering, it is not so much that the mac address is registered as it is that the dhcp server of your isp knows that your mac address was given a certain ip so when it sees your mac address again, it give you the same ip address. This will continue until the lease runs out. At that time, if you are connected, it will renew the lease, other wise it will relinquish the ip address to another computer. L8rz.
|
|
|
07-25-2004, 09:08 PM
|
#14
|
Senior Member
Registered: Jun 2003
Location: Sydney
Distribution: Debian, FreeBSD
Posts: 1,713
Rep:
|
Quote:
As soon as a computer is connected to the hub, it gets a DHCP lease from the ISP.
|
I just don't understand how your ISP can keep doing that. That's a very inefficient use of IPs. What's done in Australia (and - until now - I assumed done everywhere else) is IP masquerading. That way you only have one public IP and as many private ones as you want and no one ever has to worry about running out of IPs.
As to your actual problem of network traffic, could you run your Mandrake box and then run netstat and ps aux (and post them here) and see if there are any strange processes running. Hopefully, something wierd will show up to give us a clue.
Last edited by adz; 07-25-2004 at 09:15 PM.
|
|
|
07-25-2004, 10:52 PM
|
#15
|
Member
Registered: Jul 2004
Distribution: OpenBSD 3.5
Posts: 89
Rep:
|
Are you using a router or a cable modem/router adz? If so, then that's how you're "masquerading." Another term might be Network Address Translation. If you do not have one, the you are dependant up the ISP's DHCP server. I use Comcast as my ISP here in America, adz, and if I hook up a hub to my modem in lieu of my router, then I can grab as many IP's as I have computers. Maybe it's different with the ISP in question but I assume that it's the same.
|
|
|
All times are GMT -5. The time now is 07:39 PM.
|
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.
|
Latest Threads
LQ News
|
|