Dhcp

ISC DHCP 客戶端不斷請求地址

  • February 25, 2016

突然間,我大學的網路凍結了,我們設法將問題隔離在 DHCP 埠上發送的大量 UDP 數據包上。經過仔細檢查,我們發現一些客戶端不斷向伺服器發送 DHCP 請求,儘管伺服器似乎做出了響應。我正在伺服器上粘貼系統日誌文件的範例(

$$ [client IP $$] 在所有條目中都相同,伺服器和客戶端 IP 在同一子網中)。非常奇怪的是,不僅有一個客戶端這樣做,甚至還有一個無線路由器,而且它今天才開始發生。沒有看到 isc-dhcp-server 已更新。任何幫助將不勝感激。

Feb 25 17:57:46 zeus dhcpd: DHCPRELEASE of [[client IP]] from 00:22:75:ea:e5:dc via eth1 (found)
Feb 25 17:57:48 zeus dhcpd: message repeated 3 times: [ DHCPRELEASE of [[client IP]] from 00:22:75:ea:e5:dc via eth1 (found)]
Feb 25 17:57:48 zeus dhcpd: DHCPDISCOVER from 00:22:75:ea:e5:dc via eth1
Feb 25 17:57:49 zeus dhcpd: DHCPOFFER on [[client IP]] to 00:22:75:ea:e5:dc via eth1
Feb 25 17:57:50 zeus dhcpd: DHCPDISCOVER from 00:22:75:ea:e5:dc via eth1
Feb 25 17:57:50 zeus dhcpd: DHCPOFFER on [[client IP]] to 00:22:75:ea:e5:dc via eth1
Feb 25 17:57:50 zeus dhcpd: DHCPREQUEST for [[client IP]] ([[server IP]]) from 00:22:75:ea:e5:dc via eth1
Feb 25 17:57:50 zeus dhcpd: DHCPACK on [[client IP]] to 00:22:75:ea:e5:dc via eth1
Feb 25 17:57:51 zeus dhcpd: DHCPDISCOVER from 00:22:75:ea:e5:dc via eth1
Feb 25 17:57:51 zeus dhcpd: DHCPOFFER on [[client IP]] to 00:22:75:ea:e5:dc via eth1
Feb 25 17:57:51 zeus dhcpd: DHCPREQUEST for [[client IP]] ([[server IP]]) from 00:22:75:ea:e5:dc via eth1
Feb 25 17:57:51 zeus dhcpd: DHCPACK on [[client IP]] to 00:22:75:ea:e5:dc via eth1
Feb 25 17:57:51 zeus dhcpd: DHCPDISCOVER from 00:22:75:ea:e5:dc via eth1
Feb 25 17:57:51 zeus dhcpd: DHCPOFFER on [[client IP]] to 00:22:75:ea:e5:dc via eth1
Feb 25 17:57:51 zeus dhcpd: DHCPREQUEST for [[client IP]] ([[server IP]]) from 00:22:75:ea:e5:dc via eth1
Feb 25 17:57:51 zeus dhcpd: DHCPACK on [[client IP]] to 00:22:75:ea:e5:dc via eth1
Feb 25 17:57:51 zeus dhcpd: DHCPDISCOVER from 00:22:75:ea:e5:dc via eth1
Feb 25 17:57:51 zeus dhcpd: DHCPOFFER on [[client IP]] to 00:22:75:ea:e5:dc via eth1
Feb 25 17:57:51 zeus dhcpd: DHCPREQUEST for [[client IP]] ([[server IP]]) from 00:22:75:ea:e5:dc via eth1
Feb 25 17:57:51 zeus dhcpd: DHCPACK on [[client IP]] to 00:22:75:ea:e5:dc via eth1
Feb 25 17:57:51 zeus dhcpd: DHCPDISCOVER from 00:22:75:ea:e5:dc via eth1
Feb 25 17:57:51 zeus dhcpd: DHCPOFFER on [[client IP]] to 00:22:75:ea:e5:dc via eth1
Feb 25 17:57:51 zeus dhcpd: DHCPREQUEST for [[client IP]] ([[server IP]]) from 00:22:75:ea:e5:dc via eth1
Feb 25 17:57:51 zeus dhcpd: DHCPACK on [[client IP]] to 00:22:75:ea:e5:dc via eth1
Feb 25 17:57:52 zeus dhcpd: DHCPDISCOVER from 00:22:75:ea:e5:dc via eth1
Feb 25 17:57:52 zeus dhcpd: DHCPOFFER on [[client IP]] to 00:22:75:ea:e5:dc via eth1
Feb 25 17:57:52 zeus dhcpd: DHCPREQUEST for [[client IP]] ([[server IP]]) from 00:22:75:ea:e5:dc via eth1
Feb 25 17:57:52 zeus dhcpd: DHCPACK on [[client IP]] to 00:22:75:ea:e5:dc via eth1
Feb 25 17:57:52 zeus dhcpd: DHCPDISCOVER from 00:22:75:ea:e5:dc via eth1
Feb 25 17:57:52 zeus dhcpd: DHCPOFFER on [[client IP]] to 00:22:75:ea:e5:dc via eth1
Feb 25 17:57:52 zeus dhcpd: DHCPREQUEST for [[client IP]] ([[server IP]]) from 00:22:75:ea:e5:dc via eth1
Feb 25 17:57:52 zeus dhcpd: DHCPACK on [[client IP]] to 00:22:75:ea:e5:dc via eth1
Feb 25 17:57:53 zeus dhcpd: DHCPDISCOVER from 00:22:75:ea:e5:dc via eth1
Feb 25 17:57:53 zeus dhcpd: DHCPOFFER on [[client IP]] to 00:22:75:ea:e5:dc via eth1
Feb 25 17:57:53 zeus dhcpd: DHCPREQUEST for [[client IP]] ([[server IP]]) from 00:22:75:ea:e5:dc via eth1
Feb 25 17:57:53 zeus dhcpd: DHCPACK on [[client IP]] to 00:22:75:ea:e5:dc via eth1
Feb 25 17:57:53 zeus dhcpd: DHCPDISCOVER from 00:22:75:ea:e5:dc via eth1
Feb 25 17:57:53 zeus dhcpd: DHCPOFFER on [[client IP]] to 00:22:75:ea:e5:dc via eth1
Feb 25 17:57:53 zeus dhcpd: DHCPREQUEST for [[client IP]] ([[server IP]]) from 00:22:75:ea:e5:dc via eth1
Feb 25 17:57:53 zeus dhcpd: DHCPACK on [[client IP]] to 00:22:75:ea:e5:dc via eth1
Feb 25 17:57:53 zeus dhcpd: DHCPDISCOVER from 00:22:75:ea:e5:dc via eth1
Feb 25 17:57:53 zeus dhcpd: DHCPOFFER on [[client IP]] to 00:22:75:ea:e5:dc via eth1

/var/lib/dh​​cp/dhcpd.leases 的內容:

lease [[client IP]] {
starts 4 2016/02/25 16:06:25;
ends 5 2016/02/26 16:06:25;
cltt 4 2016/02/25 16:06:25;
binding state active;
next binding state free;
rewind binding state free;
hardware ethernet 00:22:75:ea:e5:dc;
uid "\001\000\"u\352\345\334";
}
lease [[client IP]] {
starts 4 2016/02/25 16:06:25;
ends 5 2016/02/26 16:06:25;
cltt 4 2016/02/25 16:06:25;
binding state active;
next binding state free;
rewind binding state free;
hardware ethernet 00:22:75:ea:e5:dc;
uid "\001\000\"u\352\345\334";
}
lease [[client IP]] {
starts 4 2016/02/25 16:06:26;
ends 5 2016/02/26 16:06:26;
cltt 4 2016/02/25 16:06:26;
binding state active;
next binding state free;
rewind binding state free;
hardware ethernet 00:22:75:ea:e5:dc;
uid "\001\000\"u\352\345\334";
}
lease [[client IP]] {
starts 4 2016/02/25 16:06:27;
ends 4 2016/02/25 16:08:53;
tstp 4 2016/02/25 16:08:53;
cltt 4 2016/02/25 16:06:27;
binding state free;
hardware ethernet 00:22:75:ea:e5:dc;
uid "\001\000\"u\352\345\334";
}
lease [[client IP]] {
starts 4 2016/02/25 16:08:57;
ends 5 2016/02/26 16:08:57;
cltt 4 2016/02/25 16:08:57;
binding state active;
next binding state free;
rewind binding state free;
hardware ethernet 00:22:75:ea:e5:dc;
uid "\001\000\"u\352\345\334";
}
lease [[client IP]] {
starts 4 2016/02/25 16:08:57;
ends 4 2016/02/25 16:08:57;
tstp 4 2016/02/25 16:08:57;
cltt 4 2016/02/25 16:08:57;
binding state free;
hardware ethernet 00:22:75:ea:e5:dc;
uid "\001\000\"u\352\345\334";
}
lease [[client IP]] {
starts 4 2016/02/25 16:08:57;
ends 5 2016/02/26 16:08:57;
cltt 4 2016/02/25 16:08:57;
binding state active;
next binding state free;
rewind binding state free;
hardware ethernet 00:22:75:ea:e5:dc;
uid "\001\000\"u\352\345\334";
}
lease [[client IP]] {
starts 4 2016/02/25 16:08:57;
ends 4 2016/02/25 16:08:57;
tstp 4 2016/02/25 16:08:57;
cltt 4 2016/02/25 16:08:57;
binding state free;
hardware ethernet 00:22:75:ea:e5:dc;
uid "\001\000\"u\352\345\334";
}

如果這些客戶端和 DHCP 伺服器之間的通信僅以一種方式進行,您可能會看到此行為。

請求通過伺服器,伺服器響應但客戶端永遠不會得到響應。所以一直在問。

我已經看到由於電纜損壞而發生這種情況。所以我要嘗試的第一件事是給其中一個客戶端一個適當的靜態 IP 地址,看看它是否可以真正 ping DHCP 伺服器並獲得響應。

作為解決網路功能的臨時解決方法,我建議為這些具有預定義 IP 地址的 MAC 添加靜態租約,形式為

host probably-infected {
  hardware ethernet 00:22:75:ea:e5:dc;
  fixed-address <SOME FIXED IP>;
}

並繼續調查這些 MAC 出了什麼問題。

引用自:https://serverfault.com/questions/759798