ejansson
Member
Topic Author
Posts: 301
Joined: Fri Oct 21, 2005 4:09 pm
Location: Manitoba, Canada

Blocking rogue DHCP server

Mon Sep 03, 2007 3:59 am

How can I filter out a router on our wireless network that is giving out 192.168 addresses, and thus preventing customers from getting a proper address?

We have a small wireless network, so we can put the filter on the client radio. If there is a more central way of doing this, I would be interested to know how.

I'm hoping to be able to filter just outgoing responses, but I'm not sure of the proper ports, etc.


Erik
 
omega-00
Forum Guru
Posts: 1167
Joined: Sat Jun 06, 2009 4:54 am
Location: Australia

Re: Blocking rogue DHCP server

Mon Sep 03, 2007 4:37 am

If they're all connected to a wireless network, just turn off default-forwarding.
This stops users from being able to see each other.
Sometimes also known as "client separation".
default-forwarding (yes | no; default: yes) - to use data forwarding by default or not. If set to 'no', the registered clients will not be able to communicate with each other
- from the Manual
 
UniKyrn
Member Candidate
Posts: 245
Joined: Fri Dec 24, 2004 9:27 pm
Location: Spokane, WA

Re: Blocking rogue DHCP server

Mon Sep 03, 2007 8:11 am

You can also use the forward firewall rules to block DHCP requests headed TO a wireless client and replies coming FROM wireless clients.
 
ejansson
Member
Topic Author
Posts: 301
Joined: Fri Oct 21, 2005 4:09 pm
Location: Manitoba, Canada

Re: Blocking rogue DHCP server

Mon Sep 03, 2007 10:59 pm

I understand that default-forwarding would prevent the DHCP issue on the AP, but does it or can it prevent the problem across several APs that are on the same subnet?

My thought was to use the firewall, but I was unsure of what ports DHCP used for requests and replies.

Thanks

Erik
 
tgrand
Long time Member
Posts: 671
Joined: Mon Aug 21, 2006 2:57 am
Location: Winnipeg, Manitoba, Canada

Re: Blocking rogue DHCP server

Tue Sep 04, 2007 5:45 am

DHCP discover message - The initial broadcast sent by the client to obtain a DHCP lease. It contains the client MAC address and computer name. This is a broadcast using 255.255.255.255 as the destination address and 0.0.0.0 as the source address. The request is sent, then the client waits one second for an offer. The request is repeated at 9, 13, and 16 second intervals with additional 0 to 1000 milliseconds of randomness. The attempt is repeated every 5 minutes thereafter.

The client uses its own port 68 as the source port with port 67 as the destination port on the server to send the request to the server. The server uses its own port 67 as the source port with port 68 as the destination port on the client to reply to the client. Therefore the server is listening and sending on its own port 67 and the client is listening and sending on its own port 68. This can be confusing when you consider which way the message is going. To be clear on this, I quote RFC 1531 which states "DHCP messages from a client to a server are sent to the 'DHCP server' port (67), and DHCP messages from a server to a client are sent to the 'DHCP client' port (68)".
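
A detection-side illustration of the port usage described in the post above, as an added example that is not part of the original thread: it takes a UDP source port, destination port and payload, and flags server-to-client DHCP replies (67 to 68) whose server identifier is not on an allowlist. The function names, the allowlist and the sample addresses are assumptions constructed for the example.

```python
import socket
import struct

MAGIC_COOKIE = b"\x63\x82\x53\x63"
SERVER_TYPES = {2: "OFFER", 5: "ACK", 6: "NAK"}  # message types only a server sends

def parse_options(payload):
    """Return {code: value} from the options field of a DHCP UDP payload."""
    if len(payload) < 240 or payload[236:240] != MAGIC_COOKIE:
        raise ValueError("not a DHCP message")
    opts, i = {}, 240
    while i < len(payload) and payload[i] != 255:   # 255 = end option
        if payload[i] == 0:                          # pad option has no length byte
            i += 1
            continue
        if i + 1 >= len(payload) or i + 2 + payload[i + 1] > len(payload):
            raise ValueError("truncated option")
        opts[payload[i]] = payload[i + 2:i + 2 + payload[i + 1]]
        i += 2 + payload[i + 1]
    return opts

def check_reply(src_port, dst_port, payload, allowed_servers):
    """Return a finding string for a server reply from an unlisted server, else None."""
    if (src_port, dst_port) != (67, 68):             # server -> client direction only
        return None
    opts = parse_options(payload)
    msg = (opts.get(53) or b"\x00")[0]               # option 53 = DHCP message type
    if payload[0] != 2 or msg not in SERVER_TYPES:   # op 2 = BOOTREPLY
        return None
    sid = opts.get(54, b"")                          # option 54 = server identifier
    server = socket.inet_ntoa(sid if len(sid) == 4 else payload[20:24])  # else siaddr
    if server in allowed_servers:
        return None
    return f"rogue DHCP{SERVER_TYPES[msg]} from {server} offering {socket.inet_ntoa(payload[16:20])}"

def build_reply(server_ip, offered_ip, msg_type=2):
    """Constructed sample: a minimal BOOTREPLY carrying options 53 and 54."""
    srv = socket.inet_aton(server_ip)
    hdr = struct.pack("!BBBBIHH4s4s4s4s16s64s128s", 2, 1, 6, 0, 0x1234, 0, 0,
                      bytes(4), socket.inet_aton(offered_ip), srv, bytes(4),
                      bytes.fromhex("020000000001"), b"", b"")
    return hdr + MAGIC_COOKIE + bytes([53, 1, msg_type, 54, 4]) + srv + b"\xff"

if __name__ == "__main__":
    allowed = {"10.0.0.1"}                           # assumed legitimate server
    for server in ("10.0.0.1", "192.168.1.1"):       # constructed addresses
        print(server, "->", check_reply(67, 68, build_reply(server, "192.168.1.50"), allowed))
```
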
