[prev in list] [next in list] [prev in thread] [next in thread] 

List:       dhcp-hackers
Subject:    MAC address schizm!
From:       "Network Administration" <joseph () alyrica ! net>
Date:       2005-12-01 22:51:56
Message-ID: 026101c5f6c9$d4592ac0$8f8fc541 () joseph
[Download RAW message or body]

  Hello,

   My network consists of a couple hundred users spread out over a wide geographic \
area.  About 80 of these users are connecting to me via a bridge that operates in a \
special "single MAC address" mode -- in other words, the network "bridge" between me \
and the user takes the ethernet MAC from all outgoing packets, and rewrites it with \
it's own MAC.  For example (from an earlier tcpdump):

10:26:33.187935 00:00:8f:28:aa:fd > ff:ff:ff:ff:ff:ff, ethertype IPv4 (0x0800), \
length 590: IP 0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP, Request from \
00:13:10:6a:72:20, length: 548

As you can see, a device on this network (00:13:10:6a:72:20) is requesting a DHCP \
lease.  The "From" MAC address is different, though (00:00:8f:28:aa:fd).

Until last week, I was using dhcpd 3.0.1.  It replies with a DHCP reply to the packet \
"from" MAC, 00:00:8f:28:aa:fd.   The 3.0.3 version that I just installed, however, is \
trying to reply to the MAC contained within the DHCP packet (00:13:10:6a:72:20):

10:26:33.188165 00:06:25:07:4d:a6 > 00:13:10:6a:72:20, ethertype IPv4 (0x0800), \
length 342: IP 65.197.143.193.67 > 192.168.123.219.68: BOOTP/DHCP, Reply, length: 300

This fails miserably, because the quasi-bridge units are all expecting to recieve \
packets at their respective MAC addresses, the addresses that they are stamping onto \
the packets that pass through them.  They don't expect that someone will detect and \
use a MAC from a device hidden behind them (they are not true bridges, obviously).

 Does anyone know of a configuration directive that I can use to revert to the \
earlier method of replying to DHCP packets?  When was this changed?  The old dhcpd \
that I have probably came from an earlier 2.2 or 2.4 linux, likely a debian package.  \
The 3.0.3 that I am using was compiled under 2.6.13.2 for AMD 64bit.


Cheers,

Joseph


[prev in list] [next in list] [prev in thread] [next in thread]

Configure | About | News | Add a list | Sponsored by KoreLogic