On Fri, Feb 15, 2002 at 09:57:21AM +0100, Roland Salzburger wrote:
Elf,
When I set up any machine on my network, it picks up an IP number from somewhere, but not from my domain. I assume whatever port DHCP works on is open, allowing it to pick up an IP from an outside DHCP server. Which port/protocol do I block to stop machines picking up this outside DHCP server?
I am not sure whether DHCP is a routable protocol in the first place; if it is not, an outside machine can neither receive nor answer DHCP requests from your machines. AFAIK DHCP clients broadcast to their subnet only.
Yes, DHCP operates on link level (at least for the broadcasts). However, the protocol allows relaying the packets (then via unicast) to a DHCP server on another physical network. But you need a DHCP gateway for that.
But why not use a port scanner to check for open ports and network monitoring software to see where the answers to the DHCP requests come from?
Why not run the DHCP client in debug mode and look into the log files? :)

The ports to be blocked would be 67 and 68 (UDP). Try

    tcpdump -i <device> port 67 or port 68

Note that some OSes, if they are configured as DHCP clients but there is no server answering, try and pick random addresses in the 169.254.x.x (LINKLOCAL) range (MacOS, Windows).

Peter
-- 
VFS: Busy inodes after unmount. Self-destruct in 5 seconds. Have a nice day...
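
Added example, not part of the original thread: a Python sketch that decodes the UDP payload of a DHCP reply (as captured on ports 67/68) and reports which server answered, whether the offered address belongs to the local network, and whether the reply passed through a relay. The function names, the allow-list, and all addresses are assumptions; the sample packet is constructed, not captured traffic.

```python
import ipaddress
import struct

BOOTP = struct.Struct("!BBBBIHH4s4s4s4s16s64s128s")  # fixed 236-byte BOOTP header
COOKIE = b"\x63\x82\x53\x63"                          # marks the start of DHCP options
TYPES = {1: "DISCOVER", 2: "OFFER", 3: "REQUEST", 5: "ACK", 6: "NAK"}

def parse_reply(payload):
    """Decode the UDP payload of a DHCP message."""
    if len(payload) < 240 or payload[236:240] != COOKIE:
        raise ValueError("not a DHCP message")
    f = BOOTP.unpack_from(payload)
    opts, i = {}, 240
    while i < len(payload) and payload[i] != 255:      # 255 = end option
        if payload[i] == 0:                            # 0 = pad, has no length byte
            i += 1
            continue
        if i + 1 >= len(payload) or i + 2 + payload[i + 1] > len(payload):
            raise ValueError("truncated option")
        opts[payload[i]] = payload[i + 2:i + 2 + payload[i + 1]]
        i += 2 + payload[i + 1]
    ip = ipaddress.IPv4Address
    return {"type": TYPES.get((opts.get(53) or b"\0")[0], "?"),   # option 53: message type
            "offered": ip(f[8]), "relay": ip(f[10]),              # yiaddr, giaddr
            "server": ip(opts[54]) if len(opts.get(54, b"")) == 4 else None}

def audit(payload, allowed_servers, local_net):
    """Return the reasons a reply does not look like it came from our own DHCP service."""
    r, findings = parse_reply(payload), []
    if r["type"] not in ("OFFER", "ACK"):
        return findings
    if str(r["server"]) not in allowed_servers:        # option 54: server identifier
        findings.append(f"unknown DHCP server {r['server']}")
    if r["offered"] not in ipaddress.ip_network(local_net):
        findings.append(f"offered {r['offered']} is outside {local_net}")
    if int(r["relay"]) != 0:                           # non-zero giaddr: a relay was involved
        findings.append(f"reply passed through relay agent {r['relay']}")
    return findings

def sample_reply(offered, server, relay="0.0.0.0", msg_type=2):
    """Build a constructed DHCP reply for testing (not captured traffic)."""
    a = lambda s: ipaddress.IPv4Address(s).packed
    hdr = BOOTP.pack(2, 1, 6, 0, 0x1234, 0, 0, a("0.0.0.0"), a(offered),
                     a("0.0.0.0"), a(relay), bytes(6), b"", b"")
    return hdr + COOKIE + bytes([53, 1, msg_type, 54, 4]) + a(server) + b"\xff"
```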