[Dnsmasq-discuss] no-ping option treats hosts as 'cannot ping'

Joolee dnsmasq at joolee.nl
Wed Feb 10 22:39:28 GMT 2016


I am currently doing some testing with DHCP Spoofing and DHCP Starvation
attacks. When performing the starvation attack with pig.py, I noticed that
dnsmasq keeps assigning the same IP addresses over and over again with
consecutive runs. That is potentially great from a security point of view
but not what I had in mind (I wasn't testing dnsmasq's resiliency).

I was testing with this command line:
dnsmasq --no-daemon --dhcp-range=10.0.10.50,10.0.10.100,5m --dhcp-option=option:router,10.0.10.1

First thing you will think now is, dnsmasq does a ping check after
assigning an IP address and when no reply is received, the address goes
back to 'available'. pig.py doesn't actually start listening on the
received IP addresses so no ping will ever be returned.
That's what I thought too, so I tried using the --no-ping option to try and
disable this behaviour. And started running pig.py in an endless loop.

dnsmasq --no-ping --no-daemon --dhcp-range=10.0.10.50,10.0.10.100,5m --dhcp-option=option:router,10.0.10.1

This seemed to work, I got messages telling 'no address available' in the
dnsmasq log output. After a while though, IP addresses were assigned
again, and again, and again... No help there. Of course, I dove into the
dnsmasq source and found out that after assigning an address via DHCP, the
address gets 'blacklisted' for thirty seconds, after which it automatically
becomes available again, unless a ping response has been received in the
meantime.

The --no-ping option disables the actual pinging but doesn't disable the
thirty second timeout. Thus *all* assigned IP addresses become available
again after just 30 seconds using this option! Not only does this count as
unexpected behaviour (in my eyes), this also tells me that when my servers
won't respond to ping calls, their IP addresses will be free-for-all after
just thirty seconds!

I don't know what to expect when a server doesn't reply to a ping using
normal dnsmasq options, but when the --no-ping option is set, I expect
dnsmasq to return to the default behaviour of expiring addresses only after
lease-time has expired. This sounds like a bug to me. Is this by design, am
I doing something wrong or is this really a bug?

Kind regards,
Peter Overtoom
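
Added example, not part of the original post and not dnsmasq code: a small log check that makes the symptom described above visible from the server side, by counting 'no address available' events and listing addresses that were offered to several clients without any of them completing a lease. It assumes dnsmasq's usual "TYPE(interface) [ip] mac [note]" DHCP log lines; the sample log, interface name and MAC addresses are constructed.

```python
import re
from collections import defaultdict

# Constructed sample in the shape of dnsmasq's DHCP log lines; the interface
# name and MAC addresses are made up, the pool is the one from the post.
SAMPLE_LOG = """\
dnsmasq-dhcp: DHCPDISCOVER(eth0) de:ad:00:00:00:01
dnsmasq-dhcp: DHCPOFFER(eth0) 10.0.10.50 de:ad:00:00:00:01
dnsmasq-dhcp: DHCPDISCOVER(eth0) de:ad:00:00:00:02
dnsmasq-dhcp: DHCPOFFER(eth0) 10.0.10.51 de:ad:00:00:00:02
dnsmasq-dhcp: DHCPDISCOVER(eth0) 52:54:00:12:34:56
dnsmasq-dhcp: DHCPOFFER(eth0) 10.0.10.52 52:54:00:12:34:56
dnsmasq-dhcp: DHCPREQUEST(eth0) 10.0.10.52 52:54:00:12:34:56
dnsmasq-dhcp: DHCPACK(eth0) 10.0.10.52 52:54:00:12:34:56
dnsmasq-dhcp: DHCPDISCOVER(eth0) de:ad:00:00:00:03 no address available
dnsmasq-dhcp: DHCPDISCOVER(eth0) de:ad:00:00:00:04
dnsmasq-dhcp: DHCPOFFER(eth0) 10.0.10.50 de:ad:00:00:00:04
"""

# type(iface) [ip] mac [trailing note]; the IP is absent on some DISCOVER lines.
LINE = re.compile(
    r"(DHCP[A-Z]+)\((\S+?)\)\s+(?:(\d{1,3}(?:\.\d{1,3}){3})\s+)?"
    r"((?:[0-9a-f]{2}:){5}[0-9a-f]{2})(?:\s+(.*))?$", re.I)


def analyse(log_text):
    """Summarise offers that never became leases and pool-exhaustion events."""
    offers, acks = defaultdict(set), defaultdict(set)
    exhausted = 0
    for line in log_text.splitlines():
        m = LINE.search(line)
        if not m:
            continue  # not a DHCP transaction line
        kind, _iface, ip, mac, note = m.groups()
        mac = mac.lower()
        if kind == "DHCPDISCOVER" and "no address available" in (note or ""):
            exhausted += 1
        elif kind == "DHCPOFFER" and ip:
            offers[ip].add(mac)
        elif kind == "DHCPACK" and ip:
            acks[ip].add(mac)
    # Per address: clients that were offered it but never got an ACK for it.
    unacked = {ip: sorted(macs - acks[ip]) for ip, macs in offers.items()}
    return {
        "pool_exhausted": exhausted,
        "unacked_offers": sum(len(v) for v in unacked.values()),
        # Same address offered to 2+ clients that never completed a lease.
        "recycled": {ip: v for ip, v in unacked.items() if len(v) >= 2},
    }


if __name__ == "__main__":
    print(analyse(SAMPLE_LOG))
```
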