[Dnsmasq-discuss] Option 12 hostname sent to RPi seems incorrect

wkitty42 at gmail.com wkitty42 at gmail.com
Sun Oct 24 21:27:14 UTC 2021


On 10/21/21 7:05 AM, Shrenik Bhura wrote:
>     DHCP Request
> 
>      >           Server-ID (54), length 4: 192.168.67.1
>      >           Requested-IP (50), length 4: 192.168.67.53
>      >           Hostname (12), length 13: "192.168.67.53"
> 
>     Client says "My hostname is '192.168.67.53'"
> 
[...]
>      >           Hostname (12), length 3: "192"
> 
>     Server says "Your hostname is '192'"
> 
> May be the code that logs this line needs to be checked if it is just printing 
> part of the complete hostname i.e. IP address.

the problem here is the client looks to be misconfigured if it is telling the 
server its name is an IP address... they are very different...

i have, however, seen malicious clients doing the same in years past when they 
have been accessing my servers... they were attempting to throw off 
investigation about their origins... some even tried to say they were 127.0.0.1 
to throw off investigations... it was at this time that both host names and 
actual origin IPs were logged and the truth was found out...

then there's the malicious DNS servers that also serve up wrong addresses and 
host names in attempts to hide their true identities... we see a lot of that 
from certain spaces when wearing our various network security hats and doing 
deep analysis of malicious traffic... especially from spammers and some botnets...


-- 
  NOTE: No off-list assistance is given without prior approval.
        *Please keep mailing list traffic on the list unless*
        *a signed and pre-paid contract is in effect with us.*



More information about the Dnsmasq-discuss mailing list