[Dnsmasq-discuss] dnsmasq always answer dhcp NAK

Albert ARIBAUD albert.aribaud at free.fr
Sat Jan 21 08:37:45 GMT 2017


Hi again Nikita,

On Sat, 21 Jan 2017 00:19:02 -0800
"Nikita N." <nikitan at operamail.com> wrote:

> Hi,
> yes indeed, we are facing some kind of "stochastic bug", which happens
> randomly, otherwise that client network driver works usually fine.
> Also yes, that network card is not produced anymore, nor is there any
> bug support from the producer.
> Anyway, too bad dnsmasq can't handle this.
> I was in fact hoping dnsmasq would handle this too, because it is very
> similar to the cases when a client changes network (routed
> correctly, no bug) when dnsmasq already answers such cases with a
> NAK+Message=wrong network.
> 
> Otherwise, the last resource I have (beside reboot) is forging a fake
> DHCP NAK with some hacker net tool... it feels awful even just typing
> isn't it... :P
> Albert thanks, do you know of such specific alternate "standalone
> daemon which would spy on the DHCP traffic" you can suggest me (under
> linux of course)?
> Or an easy net tool to easily forge fake UDP frames you can suggest?
> Thanks

I assume you mean you don't want to actually code such a daemon in a
compilable language such as C, and are instead looking for something to
just install and configure without too much hassle?

Then there is scapy, a Python Swiss-army-knife network application. Its
man page says it can replace "hping, parts of nmap, arpspoof,
arp-sk, arping, tcpdump, tshark, p0f, ..."

See http://www.secdev.org/projects/scapy/demo.html for an introduction.
It shows interactive uses, but this being Python, scapy is scriptable.
It is also testable: you can feed it a pcap file and have it output to
a pcap file too. It knows DHCP at least to some point.

You should quite probably be able to write a script that recognizes
DHCP REQUESTs with mismatching IP layer and DHCP layer IPv4 addresses,
and craft the corresponding DHCP NAKs.

If, however, resources are scarce (e.g., in an embedded product), then
maybe you would be better off developing a C language daemon (possibly
based on libpcap if this library is already present on the DHCP server
machine).

Kind regards,
-- 
Albert.
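
Added example, not part of the original message: the recognition half of the script suggested above, written with only the Python standard library instead of scapy so that it runs offline. It assumes "mismatching" means the IPv4 source address differs from the DHCP ciaddr (or, when ciaddr is zero, from the requested-address option 50); `check_request`, `parse_dhcp_options` and `build_sample` are hypothetical names, and the sample packets are constructed.

```python
import socket
import struct

DHCP_MAGIC = b"\x63\x82\x53\x63"
ZERO = b"\0" * 4

def parse_dhcp_options(data):
    """Return {code: value} for the TLV options that follow the magic cookie."""
    opts, i = {}, 0
    while i < len(data) and data[i] != 255:      # 255 = end option
        if data[i] == 0:                         # 0 = pad option, no length byte
            i += 1
            continue
        if i + 2 > len(data) or i + 2 + data[i + 1] > len(data):
            raise ValueError("truncated DHCP option")
        opts[data[i]] = data[i + 2:i + 2 + data[i + 1]]
        i += 2 + data[i + 1]
    return opts

def check_request(pkt):
    """Return a description if pkt is a DHCPREQUEST whose IP source address
    disagrees with the address in its DHCP layer, else None."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4 or pkt[9] != 17:   # IPv4 + UDP only
        return None
    src, udp = pkt[12:16], pkt[(pkt[0] & 0x0F) * 4:]
    if len(udp) < 8 + 240 or struct.unpack("!HH", udp[:4]) != (68, 67):
        return None
    bootp = udp[8:]
    if bootp[0] != 1 or bootp[236:240] != DHCP_MAGIC:       # op 1 = BOOTREQUEST
        return None
    opts = parse_dhcp_options(bootp[240:])
    if opts.get(53) != b"\x03":                             # option 53 = 3: DHCPREQUEST
        return None
    ciaddr = bootp[12:16]
    claimed = ciaddr if ciaddr != ZERO else opts.get(50)    # option 50 = requested IP
    if src == ZERO or claimed is None or len(claimed) != 4 or claimed == src:
        return None
    return "IP src %s != DHCP address %s" % (socket.inet_ntoa(src), socket.inet_ntoa(claimed))

def build_sample(src, ciaddr):
    """Constructed IPv4/UDP/DHCPREQUEST for testing (checksums left at zero)."""
    bootp = struct.pack("!BBBBIHH4s4s4s4s16s64s128s", 1, 1, 6, 0, 0x1234, 0, 0,
                        socket.inet_aton(ciaddr), ZERO, ZERO, ZERO,
                        b"\x02\0\0\0\0\x01", b"", b"") + DHCP_MAGIC + bytes([53, 1, 3, 255])
    udp = struct.pack("!HHHH", 68, 67, 8 + len(bootp), 0) + bootp
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 0, 0, 64, 17, 0,
                     socket.inet_aton(src), socket.inet_aton("192.168.1.1"))
    return ip + udp
```

`check_request` takes a raw IPv4 packet (link-layer header already stripped), so it can be fed from frames read out of a pcap file as well as from the constructed samples.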


