Bug#743335: debian-installer: udhcpc coping with rogue DHCP servers
On Mon, Sep 14, 2015 at 04:04:56PM +0200, Oliver Kopp wrote:
>
> dhclient gives following output
> --cut--
> Internet Systems Consortium DHCP Client 4.2.4
> DHCPREQUEST of 10.0.1.27 on eth0 to 255.255.255.255 port 67 (xid=0x58dd7a8a)
> DHCPNAK from 10.0.1.1 (xid=0xf89915c)
> DHCPNAK from 10.0.1.1 (xid=0xf89915c)
> --end--
>
> > My advice to Oliver: Check your LAN and search for 10.0.1.1. That 10.0.1.1. is from
> >> Sep 14 12:25:53 iaas2 dhcpd: DHCPREQUEST for 10.0.1.28 (10.0.1.1) from 00:50:56:85:c2:a2 via eth0
>
> Yeah, I'm trying to find that host. As I don't have access to the
> routers for myself, I have to rely on other guys.
What my approach would be:
(summary: go with a MAC-address to network admins)
* bring the system (again) to a state where I can use dhclient
* install my favorite network sniffer ( e.g. tcpdump, tshark, wireshark )
* set network traffic capture on eth0 for ports 67 and 68 (BOOTP (DHCP))
* activate dhclient, wait for DHCP packet in the 10.0.1.x network
* stopping the network capture
* analyze the network capture, filter out the MAC-adress of 10.0.1.1
* contact network administrators and ask them which switch-port has
the MAC-adres that was found in previous step
* asking the network administrators which host is at the switch-port
that was found in the previous step
* finding the owner of the host that was found in the previous step
* not being surprised when the host does virtualization ...
Groeten
Geert Stappers
--
Leven en laten leven
Reply to: