Re: [c-nsp] DHCP Binding Expiration

2009-03-02 Thread Manaf Al Oqlah
Yes, I've noticed that all affected clients are BOOTP clients! -- From: Buhrmaster, Gary g...@slac.stanford.edu Sent: Sunday, February 15, 2009 7:51 AM To: cisco-nsp@puck.nether.net Subject: Re: [c-nsp] DHCP Binding Expiration BOOTP. Have

Re: [c-nsp] DHCP Binding Expiration

2009-02-14 Thread Scott Keoseyan
Didn't Infoblox just announce a module for the ISR for DNS/DHCP/NTP? That might be more appropriate somehow... Scott On Feb 9, 2009, at 12:50 PM, Justin Shore wrote: Manaf Al Oqlah wrote: Hi all, I am configuring a Cisco 7600 router as DHCP

Re: [c-nsp] DHCP Binding Expiration

2009-02-14 Thread Buhrmaster, Gary
BOOTP. Have not used the IOS dhcp server in a long time (the ISC dhcp server is far more capable), but when I did, I vaguely recall adding these commands which eliminated the infinite lease times in my specific environment (which were all traced down to bootp requests): no ip bootp

Re: [c-nsp] DHCP Binding Expiration

2009-02-11 Thread Gert Doering
Hi, this is turning religious, but still... On Mon, Feb 09, 2009 at 01:30:16PM -0600, Justin Shore wrote: One thing on my to do list is to figure out how to always reject lease extension requests to force the CPE to pull a new IP every time a lease expires. This would prevent many of the

Re: [c-nsp] DHCP Binding Expiration

2009-02-09 Thread Justin Shore
Manaf Al Oqlah wrote: Hi all, I am configuring a Cisco 7600 router as DHCP server for my broadband clients. I am using DHCP snooping and ARP inspection for security reasons and the leased time expiration is set for 30 minutes and no excluded-address is configured. The problem is that I still

Re: [c-nsp] DHCP Binding Expiration

2009-02-09 Thread Church, Charles
@puck.nether.net Subject: Re: [c-nsp] DHCP Binding Expiration Manaf Al Oqlah wrote: Hi all, I am configuring a Cisco 7600 router as DHCP server for my broadband clients. I am using DHCP snooping and ARP inspection for security reasons and the leased time expiration is set for 30 minutes

Re: [c-nsp] DHCP Binding Expiration

2009-02-09 Thread A . L . M . Buxey
Hi, BTW, I'd recommend not using the IOS DHCP server for anything more than convenience at a very small site. I would highly recommend deploying a server-based DHCP server like ISC DHCPd. Lots more bells a agreed - DHCP brought our 2600 series routers to their knees. a quick ISC

Re: [c-nsp] DHCP Binding Expiration

2009-02-09 Thread Justin Shore
Church, Charles wrote: Aren't those BOOTP clients that don't understand the concept of an expiration? Once when I was curious (and very bored) I tracked a couple of them down. One was a Windows XP machine and the other was a fairly new D-Link router/firewall CPE (which we have hundreds on

Re: [c-nsp] DHCP Binding Expiration

2009-02-09 Thread Church, Charles
enough to look into it. Might be interesting to find out why though... Chuck -Original Message- From: Justin Shore [mailto:jus...@justinshore.com] Sent: Monday, February 09, 2009 2:11 PM To: Church, Charles Cc: Manaf Al Oqlah; cisco-nsp@puck.nether.net Subject: Re: [c-nsp] DHCP Binding

Re: [c-nsp] DHCP Binding Expiration

2009-02-09 Thread Justin Shore
Church, Charles wrote: Interesting. Might be fun (in a dorky networking kind of way) to look at a packet capture of it. Maybe the client doesn't like the lease time, or it's tied into DDNS somehow. I looked a bit, and found in the RFC (http://www.faqs.org/rfcs/rfc2131.html) a blurb about

Re: [c-nsp] DHCP Binding Expiration

2009-02-09 Thread A . L . M . Buxey
Hi, expires. This would prevent many of the less technical users from trying to run a publicly-accessible server. Set the lease time to 2 default TCP inbound deny works wonders for this. Or, even crueller, NAT I've seen systems do something similar before (or at least I thought they

Re: [c-nsp] DHCP Binding Expiration

2009-02-09 Thread Manaf Al Oqlah
...@lboro.ac.uk Sent: Monday, February 09, 2009 10:01 PM To: Justin Shore jus...@justinshore.com Cc: cisco-nsp@puck.nether.net; Church, Charles cchur...@harris.com Subject: Re: [c-nsp] DHCP Binding Expiration Hi, expires. This would prevent many of the less technical users from trying to run

Re: [c-nsp] DHCP Binding Expiration

2009-02-09 Thread Justin Shore
Manaf Al Oqlah wrote: Hi all, thank you for your help. It seems that all those hosts with infinite expiration time are devices that do not have a client identifier, such as D-Link, Cisco Linksys routers or Unix systems. Does it make sense? I don't think that's the cause of the problem. We

Re: [c-nsp] DHCP Binding Expiration

2009-02-09 Thread Lamar Owen
On Monday 09 February 2009 12:50:54 Justin Shore wrote: Manaf Al Oqlah wrote: The problem is that I still can see some clients IP addresses lease expiration are Infinite in the DHCP binding! what could be the reason for this behavior and could be this some sort of attack!! I get them

Re: [c-nsp] DHCP Binding Expiration

2009-02-09 Thread Frank Bulk - iName.com
...@puck.nether.net [mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of Justin Shore Sent: Monday, February 09, 2009 1:30 PM To: Church, Charles Cc: cisco-nsp@puck.nether.net Subject: Re: [c-nsp] DHCP Binding Expiration snip One thing on my to do list is to figure out how to always reject lease

[c-nsp] DHCP Binding Expiration

2009-02-06 Thread Manaf Al Oqlah
Hi all, I am configuring a Cisco 7600 router as DHCP server for my broadband clients. I am using DHCP snooping and ARP inspection for security reasons and the leased time expiration is set for 30 minutes and no excluded-address is configured. The problem is that I still can see some clients