Thank you! That was the problem. There is an interesting vulnerability with using dhcrelay. If I use an app like udpflood.exe and flood port 67 on the interface with the DHCP server (eth1 in this case) with UDP traffic that varies between 1 and 100 bytes, I grind our entire network to a halt. My logs instantly fill with messages like this:

May 24 20:25:46 firewall dhcrelay: ignoring BOOTREQUEST with giaddr of 131.51.22.73
May 24 20:25:46 firewall dhcrelay: Discarding packet with invalid hlen.
May 24 20:25:46 firewall last message repeated 13 times
May 24 20:25:46 firewall dhcrelay: ignoring BOOTREQUEST with giaddr of 170.86.27.94
May 24 20:25:46 firewall dhcrelay: Discarding packet with invalid hlen.
May 24 20:25:47 firewall last message repeated 7 times
May 24 20:25:47 firewall dhcrelay: ignoring BOOTREQUEST with giaddr of 197.227.233.102
May 24 20:25:47 firewall dhcrelay: Discarding packet with invalid hlen.
May 24 20:25:47 firewall last message repeated 6 times
May 24 20:25:47 firewall dhcrelay: ignoring BOOTREQUEST with giaddr of 124.251.251.242
May 24 20:25:47 firewall dhcrelay: Discarding packet with invalid hlen.
May 24 20:25:47 firewall last message repeated 3 times
May 24 20:25:47 firewall dhcrelay: ignoring BOOTREQUEST with giaddr of 39.185.213.55
May 24 20:25:47 firewall dhcrelay: Discarding packet with invalid hlen.
May 24 20:25:47 firewall last message repeated 8 times
May 24 20:25:47 firewall dhcrelay: ignoring BOOTREQUEST with giaddr of 166.197.49.69
May 24 20:25:47 firewall dhcrelay: Discarding packet with invalid hlen.
May 24 20:25:47 firewall last message repeated 34 times
May 24 20:25:47 firewall dhcrelay: ignoring BOOTREQUEST with giaddr of 109.148.55.57
May 24 20:25:47 firewall dhcrelay: Discarding packet with invalid hlen.
May 24 20:25:47 firewall last message repeated 25 times
May 24 20:25:47 firewall dhcrelay: ignoring BOOTREQUEST with giaddr of 150.105.253.133
May 24 20:25:47 firewall dhcrelay: Discarding packet with invalid hlen.
May 24 20:25:47 firewall last message repeated 10 times
May 24 20:25:47 firewall dhcrelay: ignoring BOOTREQUEST with giaddr of 154.120.240.0
May 24 20:25:47 firewall dhcrelay: Discarding packet with invalid hlen.
May 24 20:25:47 firewall last message repeated 6 times
May 24 20:25:47 firewall dhcrelay: ignoring BOOTREQUEST with giaddr of 24.4.108.161
May 24 20:25:47 firewall dhcrelay: Discarding packet with invalid hlen.
May 24 20:25:47 firewall last message repeated 2 times
May 24 20:25:47 firewall dhcrelay: ignoring BOOTREQUEST with giaddr of 116.228.118.206
May 24 20:25:47 firewall dhcrelay: Discarding packet with invalid hlen.
May 24 20:25:47 firewall last message repeated 56 times
May 24 20:25:47 firewall dhcrelay: ignoring BOOTREQUEST with giaddr of 180.183.231.219
May 24 20:25:47 firewall dhcrelay: ignoring BOOTREQUEST with giaddr of 249.100.252.155
May 24 20:25:47 firewall dhcrelay: Discarding packet with invalid hlen.
May 24 20:25:47 firewall last message repeated 16 times
May 24 20:25:47 firewall dhcrelay: ignoring BOOTREQUEST with giaddr of 90.28.104.60
May 24 20:25:47 firewall dhcrelay: Discarding packet with invalid hlen.
May 24 20:25:47 firewall last message repeated 35 times
May 24 20:25:47 firewall dhcrelay: ignoring BOOTREQUEST with giaddr of 148.74.194.1
May 24 20:25:47 firewall dhcrelay: Discarding packet with invalid hlen.
May 24 20:25:47 firewall dhcrelay: Discarding packet with invalid hlen.
May 24 20:25:47 firewall dhcrelay: ignoring BOOTREQUEST with giaddr of 233.53.69.172
May 24 20:25:47 firewall dhcrelay: Discarding packet with invalid hlen.
May 24 20:25:47 firewall last message repeated 15 times
May 24 20:25:47 firewall dhcrelay: ignoring BOOTREQUEST with giaddr of 245.239.13.192
May 24 20:25:47 firewall dhcrelay: Discarding packet with invalid hlen.
May 24 20:25:48 firewall last message repeated 25 times

Is there any way to prevent this from happening? Would this be considered a bug? The bottom line for me is that it does work; I just wanted to make sure that everyone knew that it does have a potential weakness. Please correct me if I am wrong.

Thank you! To all of you that helped me get this working.

Troy

-----Original Message-----
From: guitarlynn [mailto:[EMAIL PROTECTED]]
Sent: Friday, May 24, 2002 4:36 PM
To: [EMAIL PROTECTED]
Subject: Re: [leaf-user] DHCP REQUESTS FORWARDED BETWEEN SUBNETS

> It is possible to work around this problem on some versions of Linux
> by creating a host route from your network interface address to
> 255.255.255.255. The command you need to use to do this on Linux
> varies from version to version. The easiest version is:
>
> route add -host 255.255.255.255 dev eth0"
>
> Someone please help me out here. I have downloaded and tried every
> version of dhcrelay from 1.1 to 1.4 and they all give the same error
> when they load.
>

Load the "ifconfig.lrp" package for the route command or change the script to take the iproute command(s).
--
~Lynn Avants
aka Guitarlynn
guitarlynn at users.sourceforge.net
http://leaf.sourceforge.net
If linux isn't the answer, you've probably got the wrong question!

_______________________________________________________________
Don't miss the 2002 Sprint PCS Application Developer's Conference
August 25-28 in Las Vegas -- http://devcon.sprintpcs.com/adp/index.cfm

------------------------------------------------------------------------
leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
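
Added example, not part of the original message and not code from dhcrelay or LEAF: a small detector for the log pattern reported above, which counts dhcrelay rejects per second and expands syslog's "last message repeated N times" lines so the real packet rate is visible. The sample log, the function names and the threshold of 20 rejects per second are assumptions made for illustration.

```python
import re
from collections import Counter

# Constructed sample in the same syslog format as the log quoted in the message.
SAMPLE = """\
May 24 20:25:46 firewall dhcrelay: ignoring BOOTREQUEST with giaddr of 192.0.2.10
May 24 20:25:46 firewall dhcrelay: Discarding packet with invalid hlen.
May 24 20:25:46 firewall last message repeated 13 times
May 24 20:25:47 firewall dhcrelay: Discarding packet with invalid hlen.
May 24 20:25:47 firewall last message repeated 34 times
May 24 20:25:47 firewall sshd[412]: Accepted password for admin
May 24 20:25:47 firewall last message repeated 2 times
May 24 20:25:48 firewall dhcrelay: ignoring BOOTREQUEST with giaddr of 198.51.100.7
"""

LINE = re.compile(r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) (\S+) (.*)$")
REPEAT = re.compile(r"^last message repeated (\d+) times$")
REJECTS = {
    "invalid_hlen": re.compile(r"^dhcrelay(\[\d+\])?: Discarding packet with invalid hlen"),
    "foreign_giaddr": re.compile(r"^dhcrelay(\[\d+\])?: ignoring BOOTREQUEST with giaddr of "),
}

def reject_counts(log_text):
    """Return {timestamp: Counter(kind -> packets)} for dhcrelay rejects.

    syslog folds duplicates into "last message repeated N times", so the
    previous line's classification is carried forward and N is added to it.
    """
    per_second = {}
    last_kind = None
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue
        stamp, _host, msg = m.groups()
        rep = REPEAT.match(msg)
        if rep:
            kind, n = last_kind, int(rep.group(1))
        else:
            # Any other message (e.g. sshd) resets the carried classification.
            kind = next((k for k, rx in REJECTS.items() if rx.match(msg)), None)
            n, last_kind = 1, kind
        if kind:
            per_second.setdefault(stamp, Counter())[kind] += n
    return per_second

def flood_seconds(log_text, threshold=20):
    """Seconds in which dhcrelay rejected at least `threshold` packets."""
    return sorted(s for s, c in reject_counts(log_text).items()
                  if sum(c.values()) >= threshold)
```

A sustained run of flagged seconds on the relay's server-side interface is the signal to alert on; the per-kind counts show whether the rejects are malformed packets (invalid hlen) or requests carrying an unexpected giaddr.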