Community discussions

 
Neurotox
just joined
Topic Author
Posts: 1
Joined: Wed Mar 27, 2019 6:55 am

DHCP "flood" Malformed Packet

Wed Mar 27, 2019 7:41 am

Hello,

I'm a new user of Mikoritk.

I have notice some strange traffic coming from my hEX device.
My hEX seems to send 1 or 2 "DHCP Discover"(Malformed Packet) every second on the "lan" side.

What I have try so far:
-Reboot
-Flush my DHCP client and server config
-Disable DHCP package (the device keep sending the packets event with the package disable and after a reboot)
-Unplug every not used Ethernet port (including "Wan")
-RouterOS 6.44.1 and 6.43.1

Other strange behavior(solved):
-Some device on my network was receiving some bad DHCP config (wrong gateway, wrong netmask and wrong DNS). Those setting seems to be a mix of the DHCP config received from my ISP, my local DHCP server config and some apparently random but coherent setting.
-Fix: I have flush my DHCP-server config and reset it.
-Start of the issue: after upgrading from 6.43.1 to 6.44.1
-This issue have bring me to sniff my network traffic to try to understand what was going on, at this time, I have notice the "DHCP Discover(Malformed Packet)"

I'm lost! I try to understand what occur and how to correct it.

Thanks,
Neurotox

RouterOs: 6.44.1
Device: rb750gr3
Firmware: mt7621L 6.44.1
(I have also try with 6.43.13)


ether1: To my ISP (cable modem)
ether2: To my AP (dhcp disable on the AP)

> /system package print
Flags: X - disabled 
 #   NAME                                                                                              VERSION                                                                                              SCHEDULED              
 0   routeros-mmips                                                                                    6.44.1                                                                                                                      
 1   system                                                                                            6.44.1                                                                                                                      
 2 X ipv6                                                                                              6.44.1                                                                                                                      
 3 X wireless                                                                                          6.44.1                                                                                                                      
 4   hotspot                                                                                           6.44.1                                                                                                                      
 5   mpls                                                                                              6.44.1                                                                                                                      
 6   routing                                                                                           6.44.1                                                                                                                      
 7 X ppp                                                                                               6.44.1                                                                                                                      
 8   dhcp                                                                                              6.44.1                                                                                                                      
 9   security                                                                                          6.44.1                                                                                                                      
10   advanced-tools                                                                                    6.44.1                                                                                                                     

> /interface print
Flags: D - dynamic, X - disabled, R - running, S - slave 
 #     NAME                                TYPE       ACTUAL-MTU L2MTU  MAX-L2MTU MAC-ADDRESS      
 0  R  ether1                              ether            1500  1596       2026 B8:69:F4:XX:XX:FB
 1  RS ether2-master                       ether            1500  1596       2026 B8:69:F4:XX:XX:FC
 2   S ether3                              ether            1500  1596       2026 B8:69:F4:XX:XX:FD
 3   S ether4                              ether            1500  1596       2026 B8:69:F4:XX:XX:FE
 4   S ether5                              ether            1500  1596       2026 B8:69:F4:XX:XX:FF
 5  R  ;;; created from master port
       bridge1                             bridge           1500  1596            B8:69:F4:XX:XX:FC

> /ip address print
Flags: X - disabled, I - invalid, D - dynamic 
 #   ADDRESS            NETWORK         INTERFACE                                                                                                                                                                         
 0   ;;; defconf
     192.168.0.1/24     192.168.0.0     bridge1                                                                                                                                                                           
 1   192.168.0.3/24     192.168.0.0     bridge1                                                                                                                                                                           
 2 D xxx.xxx.xxx.154/27 xxx.xxx.xxx.128 ether1
 
 
 > /ip dhcp-server print
Flags: D - dynamic, X - disabled, I - invalid 
 #    NAME                                                      INTERFACE                                                      RELAY           ADDRESS-POOL                                                      LEASE-TIME ADD-ARP
 0    dhcp1                                                     bridge1                                                                        dhcp_pool2                                                        10m       


> /ip dhcp-server network print
Flags: D - dynamic 
 #   ADDRESS            GATEWAY         DNS-SERVER                                                                                 WINS-SERVER     DOMAIN                                                                          
 0   192.168.0.0/24     192.168.0.1     192.168.0.1,8.8.8.8,xx.xxx.xxx.28,xx.xxx.xxx.29                                           


> /ip pool print               
 # NAME                                                                                                                                                                                             RANGES                         
 0 dhcp_pool2                                                                                                                                                                                       192.168.0.100-192.168.0.200    


> /ip dhcp-client print detail
Flags: X - disabled, I - invalid, D - dynamic 
 0 D ;;; internet detect
     interface=ether1 add-default-route=yes default-route-distance=1 use-peer-dns=yes use-peer-ntp=yes dhcp-options=hostname,clientid status=bound address=xxx.xxx.xxx.154/27 gateway=xxx.xxx.xxx.129 dhcp-server=xxx.xxx.xxx.193 
     primary-dns=xx.xxx.xxx.28 secondary-dns=xx.xxx.xxx.29 expires-after=23h3m58s
 
uhernandez
just joined
Posts: 1
Joined: Sat Feb 03, 2018 7:36 pm

Re: DHCP "flood" Malformed Packet

Mon Apr 15, 2019 8:06 am

I have the same problem with an RB931 v6.44.2

With Wireshark I observe many DHCP "Malformed Packet" in my LAN, even disabling the DHCP server. What is the problem? How do I solve it?
 
R1CH
Forum Veteran
Forum Veteran
Posts: 884
Joined: Sun Oct 01, 2006 11:44 pm

Re: DHCP "flood" Malformed Packet

Mon Apr 15, 2019 11:25 pm

Disable detect-internet "feature".
 
EvgeniyV
just joined
Posts: 4
Joined: Sun Oct 28, 2018 5:49 pm

Re: DHCP "flood" Malformed Packet

Tue Apr 16, 2019 11:50 pm

Disable detect-internet "feature".
Great Thanks, it helped for me.

Who is online

Users browsing this forum: No registered users and 41 guests