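All of a sudden, networking at my university froze, and we managed to isolate the problem to a large number of UDP packets being sent on the DHCP ports. Looking closer, we found that some clients keep spamming the server with DHCP requests, even though the server appears to respond. I am pasting a sample of the syslog file from the server ([[client IP]] is the same in all entries, and the server and client IPs are in the same subnet). What is very strange is that it is not just one client; there is even a wireless router among them, and it only started just now. isc-dhcp-server has not been updated. Any assistance would be greatly appreciated.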
Feb 25 17:57:46 zeus dhcpd: DHCPRELEASE of [[client IP]] from 00:22:75:ea:e5:dc via eth1 (found)
Feb 25 17:57:48 zeus dhcpd: message repeated 3 times: [ DHCPRELEASE of [[client IP]] from 00:22:75:ea:e5:dc via eth1 (found)]
Feb 25 17:57:48 zeus dhcpd: DHCPDISCOVER from 00:22:75:ea:e5:dc via eth1
Feb 25 17:57:49 zeus dhcpd: DHCPOFFER on [[client IP]] to 00:22:75:ea:e5:dc via eth1
Feb 25 17:57:50 zeus dhcpd: DHCPDISCOVER from 00:22:75:ea:e5:dc via eth1
Feb 25 17:57:50 zeus dhcpd: DHCPOFFER on [[client IP]] to 00:22:75:ea:e5:dc via eth1
Feb 25 17:57:50 zeus dhcpd: DHCPREQUEST for [[client IP]] ([[server IP]]) from 00:22:75:ea:e5:dc via eth1
Feb 25 17:57:50 zeus dhcpd: DHCPACK on [[client IP]] to 00:22:75:ea:e5:dc via eth1
Feb 25 17:57:51 zeus dhcpd: DHCPDISCOVER from 00:22:75:ea:e5:dc via eth1
Feb 25 17:57:51 zeus dhcpd: DHCPOFFER on [[client IP]] to 00:22:75:ea:e5:dc via eth1
Feb 25 17:57:51 zeus dhcpd: DHCPREQUEST for [[client IP]] ([[server IP]]) from 00:22:75:ea:e5:dc via eth1
Feb 25 17:57:51 zeus dhcpd: DHCPACK on [[client IP]] to 00:22:75:ea:e5:dc via eth1
Feb 25 17:57:51 zeus dhcpd: DHCPDISCOVER from 00:22:75:ea:e5:dc via eth1
Feb 25 17:57:51 zeus dhcpd: DHCPOFFER on [[client IP]] to 00:22:75:ea:e5:dc via eth1
Feb 25 17:57:51 zeus dhcpd: DHCPREQUEST for [[client IP]] ([[server IP]]) from 00:22:75:ea:e5:dc via eth1
Feb 25 17:57:51 zeus dhcpd: DHCPACK on [[client IP]] to 00:22:75:ea:e5:dc via eth1
Feb 25 17:57:51 zeus dhcpd: DHCPDISCOVER from 00:22:75:ea:e5:dc via eth1
Feb 25 17:57:51 zeus dhcpd: DHCPOFFER on [[client IP]] to 00:22:75:ea:e5:dc via eth1
Feb 25 17:57:51 zeus dhcpd: DHCPREQUEST for [[client IP]] ([[server IP]]) from 00:22:75:ea:e5:dc via eth1
Feb 25 17:57:51 zeus dhcpd: DHCPACK on [[client IP]] to 00:22:75:ea:e5:dc via eth1
Feb 25 17:57:51 zeus dhcpd: DHCPDISCOVER from 00:22:75:ea:e5:dc via eth1
Feb 25 17:57:51 zeus dhcpd: DHCPOFFER on [[client IP]] to 00:22:75:ea:e5:dc via eth1
Feb 25 17:57:51 zeus dhcpd: DHCPREQUEST for [[client IP]] ([[server IP]]) from 00:22:75:ea:e5:dc via eth1
Feb 25 17:57:51 zeus dhcpd: DHCPACK on [[client IP]] to 00:22:75:ea:e5:dc via eth1
Feb 25 17:57:52 zeus dhcpd: DHCPDISCOVER from 00:22:75:ea:e5:dc via eth1
Feb 25 17:57:52 zeus dhcpd: DHCPOFFER on [[client IP]] to 00:22:75:ea:e5:dc via eth1
Feb 25 17:57:52 zeus dhcpd: DHCPREQUEST for [[client IP]] ([[server IP]]) from 00:22:75:ea:e5:dc via eth1
Feb 25 17:57:52 zeus dhcpd: DHCPACK on [[client IP]] to 00:22:75:ea:e5:dc via eth1
Feb 25 17:57:52 zeus dhcpd: DHCPDISCOVER from 00:22:75:ea:e5:dc via eth1
Feb 25 17:57:52 zeus dhcpd: DHCPOFFER on [[client IP]] to 00:22:75:ea:e5:dc via eth1
Feb 25 17:57:52 zeus dhcpd: DHCPREQUEST for [[client IP]] ([[server IP]]) from 00:22:75:ea:e5:dc via eth1
Feb 25 17:57:52 zeus dhcpd: DHCPACK on [[client IP]] to 00:22:75:ea:e5:dc via eth1
Feb 25 17:57:53 zeus dhcpd: DHCPDISCOVER from 00:22:75:ea:e5:dc via eth1
Feb 25 17:57:53 zeus dhcpd: DHCPOFFER on [[client IP]] to 00:22:75:ea:e5:dc via eth1
Feb 25 17:57:53 zeus dhcpd: DHCPREQUEST for [[client IP]] ([[server IP]]) from 00:22:75:ea:e5:dc via eth1
Feb 25 17:57:53 zeus dhcpd: DHCPACK on [[client IP]] to 00:22:75:ea:e5:dc via eth1
Feb 25 17:57:53 zeus dhcpd: DHCPDISCOVER from 00:22:75:ea:e5:dc via eth1
Feb 25 17:57:53 zeus dhcpd: DHCPOFFER on [[client IP]] to 00:22:75:ea:e5:dc via eth1
Feb 25 17:57:53 zeus dhcpd: DHCPREQUEST for [[client IP]] ([[server IP]]) from 00:22:75:ea:e5:dc via eth1
Feb 25 17:57:53 zeus dhcpd: DHCPACK on [[client IP]] to 00:22:75:ea:e5:dc via eth1
Feb 25 17:57:53 zeus dhcpd: DHCPDISCOVER from 00:22:75:ea:e5:dc via eth1
Feb 25 17:57:53 zeus dhcpd: DHCPOFFER on [[client IP]] to 00:22:75:ea:e5:dc via eth1
Contents of /var/lib/dhcp/dhcpd.leases:
lease [[client IP]] {
  starts 4 2016/02/25 16:06:25;
  ends 5 2016/02/26 16:06:25;
  cltt 4 2016/02/25 16:06:25;
  binding state active;
  next binding state free;
  rewind binding state free;
  hardware ethernet 00:22:75:ea:e5:dc;
  uid "\001\000\"u\352\345\334";
}
lease [[client IP]] {
  starts 4 2016/02/25 16:06:25;
  ends 5 2016/02/26 16:06:25;
  cltt 4 2016/02/25 16:06:25;
  binding state active;
  next binding state free;
  rewind binding state free;
  hardware ethernet 00:22:75:ea:e5:dc;
  uid "\001\000\"u\352\345\334";
}
lease [[client IP]] {
  starts 4 2016/02/25 16:06:26;
  ends 5 2016/02/26 16:06:26;
  cltt 4 2016/02/25 16:06:26;
  binding state active;
  next binding state free;
  rewind binding state free;
  hardware ethernet 00:22:75:ea:e5:dc;
  uid "\001\000\"u\352\345\334";
}
lease [[client IP]] {
  starts 4 2016/02/25 16:06:27;
  ends 4 2016/02/25 16:08:53;
  tstp 4 2016/02/25 16:08:53;
  cltt 4 2016/02/25 16:06:27;
  binding state free;
  hardware ethernet 00:22:75:ea:e5:dc;
  uid "\001\000\"u\352\345\334";
}
lease [[client IP]] {
  starts 4 2016/02/25 16:08:57;
  ends 5 2016/02/26 16:08:57;
  cltt 4 2016/02/25 16:08:57;
  binding state active;
  next binding state free;
  rewind binding state free;
  hardware ethernet 00:22:75:ea:e5:dc;
  uid "\001\000\"u\352\345\334";
}
lease [[client IP]] {
  starts 4 2016/02/25 16:08:57;
  ends 4 2016/02/25 16:08:57;
  tstp 4 2016/02/25 16:08:57;
  cltt 4 2016/02/25 16:08:57;
  binding state free;
  hardware ethernet 00:22:75:ea:e5:dc;
  uid "\001\000\"u\352\345\334";
}
lease [[client IP]] {
  starts 4 2016/02/25 16:08:57;
  ends 5 2016/02/26 16:08:57;
  cltt 4 2016/02/25 16:08:57;
  binding state active;
  next binding state free;
  rewind binding state free;
  hardware ethernet 00:22:75:ea:e5:dc;
  uid "\001\000\"u\352\345\334";
}
lease [[client IP]] {
  starts 4 2016/02/25 16:08:57;
  ends 4 2016/02/25 16:08:57;
  tstp 4 2016/02/25 16:08:57;
  cltt 4 2016/02/25 16:08:57;
  binding state free;
  hardware ethernet 00:22:75:ea:e5:dc;
  uid "\001\000\"u\352\345\334";
}
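You may see this behaviour if communication between these clients and the DHCP server only works one way.
The request gets through to the server and the server responds, but the client never receives the response. So it keeps asking.
I have seen this happen because of damaged cabling. So the first thing I would try is to give the client a suitable static IP address and see whether it can ping the DHCP server and get a response.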
As a temporary workaround to restore network functionality, I suggest adding static leases with predefined IP addresses for these MACs, in the form
host probably-infected {
    hardware ethernet 00:22:75:ea:e5:dc;
    fixed-address <SOME FIXED IP>;
}
and continuing to investigate what is wrong with these MACs.
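
To find which MACs are stuck in the loop visible in the question's syslog excerpt, the following added example (not code from any of the posts above) parses dhcpd log lines and reports clients that send a new DHCPDISCOVER within seconds of being sent a DHCPACK. The 5-second window, the threshold of 3, the assumed year, the documentation IP addresses and the second MAC are assumptions made for the example.

```python
import re
from collections import Counter
from datetime import datetime

LOOPING, HEALTHY = "00:22:75:ea:e5:dc", "02:00:00:00:00:01"  # second MAC is made up

def _cycle(sec, mac, ip):
    """One constructed DISCOVER/OFFER/REQUEST/ACK exchange in dhcpd's log format."""
    t = f"Feb 25 17:57:{sec:02d} zeus dhcpd: "
    return (f"{t}DHCPDISCOVER from {mac} via eth1\n"
            f"{t}DHCPOFFER on {ip} to {mac} via eth1\n"
            f"{t}DHCPREQUEST for {ip} (192.0.2.1) from {mac} via eth1\n"
            f"{t}DHCPACK on {ip} to {mac} via eth1\n")

# Constructed sample (documentation IPs), shaped like the excerpt in the question.
SAMPLE = ("Feb 25 17:57:48 zeus dhcpd: message repeated 3 times: "
          f"[ DHCPRELEASE of 192.0.2.50 from {LOOPING} via eth1 (found)]\n"
          + "".join(_cycle(s, LOOPING, "192.0.2.50") for s in (50, 51, 52, 53))
          + _cycle(54, HEALTHY, "192.0.2.60"))

LINE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ dhcpd(?:\[\d+\])?: "
    r"(?:message repeated (?P<n>\d+) times: \[ ?)?"
    r"(?P<type>DHCP[A-Z]+) .*?(?P<mac>(?:[0-9a-f]{2}:){5}[0-9a-f]{2})", re.I)

def parse(text, year=2016):
    """Yield (time, type, mac, count); syslog omits the year, so it is assumed."""
    for line in text.splitlines():
        m = LINE.match(line)
        if m:
            ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
            yield ts, m["type"].upper(), m["mac"].lower(), int(m["n"] or 1)

def find_loops(text, window=5, threshold=3):
    """Map MAC -> (restarts, messages) for clients that send DHCPDISCOVER again
    within `window` seconds of their own DHCPACK at least `threshold` times."""
    last_ack, restarts, messages = {}, Counter(), Counter()
    for ts, kind, mac, count in parse(text):
        messages[mac] += count  # expand syslog's "message repeated N times"
        if kind == "DHCPACK":
            last_ack[mac] = ts
        elif kind == "DHCPDISCOVER" and mac in last_ack:
            if (ts - last_ack.pop(mac)).total_seconds() <= window:
                restarts[mac] += 1
    return {m: (n, messages[m]) for m, n in restarts.items() if n >= threshold}

if __name__ == "__main__":
    for mac, (n, total) in find_loops(SAMPLE).items():
        print(f"{mac}: restarted {n} times right after an ACK ({total} messages)")
```

A client that completes one exchange and then stays quiet is not reported; only MACs that repeatedly restart discovery straight after an acknowledgement are, which narrows down the hosts and cable runs worth checking first.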