1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

The possible way to prevent 2 dhcp jam your tomato?

Discussion in 'Tomato Firmware' started by commandonut, Oct 9, 2010.

  1. commandonut

    commandonut LI Guru Member

    Hi~ all i need advice.

    I have a problem with some guy create a dhcp service on my network and then it jam all pc link their gateway to him. Sadly my client can not protect them self.

    After a few hour for google search. I have seen some comment they say" no way to protect your dhcp server from another clone dhcp server in your local area network , Why don't you try PPPoE server ."

    Any solution here ?:)
     
  2. Toastman

    Toastman Super Moderator Staff Member Member

  3. FattysGoneWild

    FattysGoneWild LI Guru Member

    Well I just learned something new!
     
  4. Badders44

    Badders44 LI Guru Member

    Also, how does this relate to the static DHCP entires? Isn't that assigning a MAC to an IP the same as the ARP binding?
     
  5. FattysGoneWild

    FattysGoneWild LI Guru Member

    Should ARP binding be used on a small home network as extra security?
     
  6. TexasFlood

    TexasFlood Network Guru Member

    Is he wireless? If so find out who he is a and set a wireless filter to keep him out.
     
  7. commandonut

    commandonut LI Guru Member

    ^
    no he's wired. Okay i'll block his mac.

    ----
    To Toastman , Thanks you to give me an idea. i'll try it.

    I saw guy that jam my tomato with plug a router and set as a dhcp server.


    Thanks you all comment :)
     
  8. RonWessels

    RonWessels Network Guru Member

    For that kind of stupid vandalism on your network, I would probably un-plug the other end of whatever wire runs to his computer/room/area. I would only re-connect that cable when he could give me the technical details of the DHCP protocol (which forces him to become somewhat technically savvy), explain why multiple DHCP servers on a single LAN is a bad idea (which forces him to realize the results if his vandalism), and assure you that it will never happen again.

    Just performing MAC blocking can be gotten around by the simple expedient of him changing his MAC address. Or even just getting another Ethernet card.
     
  9. Toastman

    Toastman Super Moderator Staff Member Member

    I agree with Ron. Go knock his teeth out :biggrin: You can't block him - if he's on the cable ... it's too late. Tell all the other guys who is screwing their access and they'll take care of it !
     
  10. FattysGoneWild

    FattysGoneWild LI Guru Member

    Anyone know?!?

     
  11. Toastman

    Toastman Super Moderator Staff Member Member

    The idea is to prevent a pirate user from just giving himself an IP address on the network (could be a free one or one belonging to another user). Unless the IP in use matches with the known MAC address of that client, it isn't allowed through.

    Static DHCP merely assigns a fixed IP address to a particular MAC if it requests one. It doesn't stop someone manually giving himself an IP address of his own choosing.
     
  12. FattysGoneWild

    FattysGoneWild LI Guru Member

    Thanks. I deleted the static entries under static DHCP. I thought by using arp binding. You would not need to have those entries there. :eek: I was wrong they do need to be there. Upon reboot of the devices. They all started to pull new ip's again. I guess because I am on cable?
     
  13. Badders44

    Badders44 LI Guru Member

    If you bind all the IP's/MAC's then the router thinks they are all active in the ARP cache; so you can't see who's really active (in Devices, WOL etc.).
    Would an alternative be to use Access Restrictions to block all MAC's 'except' the ones required or has DHCP already allocated an IP by then.
     
  14. Toastman

    Toastman Super Moderator Staff Member Member

    badders44, even if it had, the MAC would still be blocked, to me this also seems a secure way of doing things. Presumably someone who already had access wouldn't try to change his IP ... ?
     
  15. FattysGoneWild

    FattysGoneWild LI Guru Member

    Never even thought about making a access restriction. Would I still need to keep the static ip's under static dhcp box? Or would they show in devices if using access restriction?
     

Share This Page