[prev in list] [next in list] [prev in thread] [next in thread]
List: hpux-admin
Subject: [HPADM] Re: Question: 11.23: dhcpd - blacklist MAC address from
From: Simon Loewenthal <simon.loewenthal () tele2 ! com>
Date: 2009-12-10 14:58:21
Message-ID: OFA21725E3.062C1CFE-ONC1257688.00519B03-C1257688.00523F74 () tele2 ! com
[Download RAW message or body]
This is a multipart message in MIME format.
--=_alternative 00523F73C1257688_=
Content-Type: text/plain; charset="US-ASCII"
Hi William,
Reason: Competing DHCP servers offering DHCPOFFERS on the same VLAN.
I thought that the server was an HP-UX box competing against my SLES DHCP
server, but as it turns out someone had left iphelpers configured on a
router! I am now trying to find out what these are, but don't know the
answer at present.
Since the offending DHCP server was beating the other SLES DHCP server to
the DHCP offer, and I thought that it was an HPUX box, then I considered
telling the HPUX box to ignore the particular MAC address (The SLES box
only serves out 1 address to a client for adhoc O/S installs).
If it turns out that the iphelpers are indeed required, then what sort of
bogus information might I have the HP box send the client so that the
other DHCP has a chance of getting the DHCP offer received by the client?
Is there way of having HPUX drop DHCP requests from a MAC address via a
firewall or similar? e.g pf or iptables/ipchains?
Cheers, Simon.
--
Simon Loewenthal/Tele2.com
GSM: +31 6 2000 5427
William Andrew Cranston <acranston@gmail.com> wrote on 12/10/2009 02:56:53
PM:
> Hello Simon,
>
> If the DHCP server implementation does not provide this feature then
> other ways to get the desired result might be:
>
> Use a firewall/packet filter to drop packets packets recieved from
> that MAC address.
>
> Rather than ignore the request why not configure DHCP to recognise
> that specific MAC address but then send it details it cannot use or
> that will cause the client/system at that MAC address undesired
> effects. For example deliberatley bad DNS servers.
>
> Are you able to explain what you are trying to achieve in more detail?
> What is a particular MAC address of such interest? Is it "badly
> behaved" or special in some other way?
>
> Hope this helps.
>
> Regards,
>
> William (Andy) Cranston.
>
>
> 2009/12/10 Simon Loewenthal <simon.loewenthal@tele2.com>:
> >
> > Hi folks,
> >
> > Quick question followed by hopefully simple answer. Although I
doubt
> > it.
> >
> > Can one configure DHCP on HP-UX 11.23 to ignore, and therefore not
respond
> > to, a DHCPDISCOVER from a specific MAC address?
> >
> > Bedankt,
> > S.
> >
> > --
> > Simon Loewenthal/Tele2.com
> > GSM: +31 6 2000 5427
> >
> > ******** IMPORTANT NOTICE ********
> > This e-mail (including any attachments) may contain information that
is
> > confidential or otherwise protected from disclosure and it is intended
only
> > for the addressees. If you are not the intended recipient, please note
that
> > any copying, distribution or other use of information contained in
this
> > e-mail (and its attachments) is not allowed. If you have received this
> > e-mail in error, kindly notify us immediately by telephone or e-mail
and
> > delete the message (including any attachments) from your system.
> >
> > Please note that e-mail messages may contain computer viruses or other
> > defects, may not be accurately replicated on other systems, or may be
> > subject of unauthorized interception or other interference without the
> > knowledge of sender or recipient. Tele2 only send and receive e-mails
on the
> > basis that Tele2 is not responsible for any such computer viruses,
> > corruption or other interference or any consequences thereof.
> >
******** IMPORTANT NOTICE ********
This e-mail (including any attachments) may contain information that is
confidential or otherwise protected from disclosure and it is intended
only for the addressees. If you are not the intended recipient, please
note that any copying, distribution or other use of information contained
in this e-mail (and its attachments) is not allowed. If you have received
this e-mail in error, kindly notify us immediately by telephone or e-mail
and delete the message (including any attachments) from your system.
Please note that e-mail messages may contain computer viruses or other
defects, may not be accurately replicated on other systems, or may be
subject of unauthorized interception or other interference without the
knowledge of sender or recipient. Tele2 only send and receive e-mails on
the basis that Tele2 is not responsible for any such computer viruses,
corruption or other interference or any consequences thereof.
--=_alternative 00523F73C1257688_=
Content-Type: text/html; charset="US-ASCII"
<br><font size=2 face="sans-serif">Hi William,</font>
<br>
<br><font size=2 face="sans-serif">Reason: Competing DHCP servers offering
DHCPOFFERS on the same VLAN. </font>
<br>
<br><font size=2 face="sans-serif">I thought that the server was an HP-UX
box competing against my SLES DHCP server, but as it turns out someone
had left iphelpers configured on a router! I am now trying to find
out what these are, but don't know the answer at present.</font>
<br>
<br><font size=2 face="sans-serif">Since the offending DHCP server was
beating the other SLES DHCP server to the DHCP offer, and I thought that
it was an HPUX box, then I considered telling the HPUX box to ignore the
particular MAC address (The SLES box only serves out 1 address to
a client for adhoc O/S installs). </font>
<br>
<br><font size=2 face="sans-serif">If it turns out that the iphelpers are
indeed required, then what sort of bogus information might I have the HP
box send the client so that the other DHCP has a chance of getting the
DHCP offer received by the client?</font>
<br>
<br><font size=2 face="sans-serif">Is there way of having HPUX drop DHCP
requests from a MAC address via a firewall or similar? e.g pf or
iptables/ipchains?</font>
<br>
<br><font size=2 face="sans-serif">Cheers, Simon.<br>
--<br>
Simon Loewenthal/Tele2.com<br>
GSM: +31 6 2000 5427</font>
<br>
<br><tt><font size=2>William Andrew Cranston <acranston@gmail.com>
wrote on 12/10/2009 02:56:53 PM:<br>
<br>
> Hello Simon,<br>
> <br>
> If the DHCP server implementation does not provide this feature then<br>
> other ways to get the desired result might be:<br>
> <br>
> Use a firewall/packet filter to drop packets packets recieved from<br>
> that MAC address.<br>
> <br>
> Rather than ignore the request why not configure DHCP to recognise<br>
> that specific MAC address but then send it details it cannot use or<br>
> that will cause the client/system at that MAC address undesired<br>
> effects. For example deliberatley bad DNS servers.<br>
> <br>
> Are you able to explain what you are trying to achieve in more detail?<br>
> What is a particular MAC address of such interest? Is
it "badly<br>
> behaved" or special in some other way?<br>
> <br>
> Hope this helps.<br>
> <br>
> Regards,<br>
> <br>
> William (Andy) Cranston.<br>
> <br>
> <br>
> 2009/12/10 Simon Loewenthal <simon.loewenthal@tele2.com>:<br>
> ><br>
> > Hi folks,<br>
> ><br>
> > Quick question followed by hopefully
simple answer. Although I doubt<br>
> > it.<br>
> ><br>
> > Can one configure DHCP on HP-UX 11.23 to ignore, and therefore
not respond<br>
> > to, a DHCPDISCOVER from a specific MAC address?<br>
> ><br>
> > Bedankt,<br>
> > S.<br>
> ><br>
> > --<br>
> > Simon Loewenthal/Tele2.com<br>
> > GSM: +31 6 2000 5427<br>
> ><br>
> > ******** IMPORTANT NOTICE ********<br>
> > This e-mail (including any attachments) may contain information
that is<br>
> > confidential or otherwise protected from disclosure and it is
intended only<br>
> > for the addressees. If you are not the intended recipient, please
note that<br>
> > any copying, distribution or other use of information contained
in this<br>
> > e-mail (and its attachments) is not allowed. If you have received
this<br>
> > e-mail in error, kindly notify us immediately by telephone or
e-mail and<br>
> > delete the message (including any attachments) from your system.<br>
> ><br>
> > Please note that e-mail messages may contain computer viruses
or other<br>
> > defects, may not be accurately replicated on other systems, or
may be<br>
> > subject of unauthorized interception or other interference without
the<br>
> > knowledge of sender or recipient. Tele2 only send and receive
e-mails on the<br>
> > basis that Tele2 is not responsible for any such computer viruses,<br>
> > corruption or other interference or any consequences thereof.<br>
> ><br>
</font></tt>
<br><font size=1 color=#808080 face="sans-serif"><br>
******** IMPORTANT NOTICE ********<br>
This e-mail (including any attachments) may contain information that is
confidential or otherwise protected from disclosure and it is intended
only for the addressees. If you are not the intended recipient, please
note that any copying, distribution or other use of information contained
in this e-mail (and its attachments) is not allowed. If you have received
this e-mail in error, kindly notify us immediately by telephone or e-mail
and delete the message (including any attachments) from your system.<br>
<br>
Please note that e-mail messages may contain computer viruses or other
defects, may not be accurately replicated on other systems, or may be subject
of unauthorized interception or other interference without the knowledge
of sender or recipient. Tele2 only send and receive e-mails on the basis
that Tele2 is not responsible for any such computer viruses, corruption
or other interference or any consequences thereof.</font>
<br>
--=_alternative 00523F73C1257688_=--
--
---> Please post QUESTIONS and SUMMARIES only!! <---
To subscribe/unsubscribe to this list, contact majordomo@dutchworks.nl
Name: hpux-admin@dutchworks.nl Owner: owner-hpux-admin@dutchworks.nl
Archives: ftp.dutchworks.nl/pub/digests/hpux-admin (FTP, browse only)
http://www.dutchworks.nl/htbin/hpsysadmin (Web, browse & search)
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic