Multiple DHCP requests from the same box - addresses being handed out

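Please share how to stop/block/identify the rogue device. The lease time is 1 hour. Eventually I could run out of addresses. Attached is the log data. My DHCP server is giving an address to a Windows 2003 Server, SARDIS2. I don't understand the long (16-byte) MAC address.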

Mar 16 11:53:15 croghan.birchard.org bootpd[1700]: DHCP REQUEST [en0]: 1,52:41:53:20:d0:67:e5:ed:9f:2:0:0:9:0:0:0 <SARDIS2>
Mar 16 11:53:15 croghan.birchard.org bootpd[1700]: dhcpd: 192.168.1.49 lease extended to INIT/REBOOT client
Mar 16 11:53:15 croghan.birchard.org bootpd[1700]: replying using broadcast IP address
Mar 16 11:53:15 croghan.birchard.org bootpd[1700]: replying to 255.255.255.255
Mar 16 11:53:15 croghan.birchard.org bootpd[1700]: ACK sent SARDIS2 192.168.1.49 pktsize 300
Mar 16 11:53:15 croghan.birchard.org bootpd[1700]: service time 0.001959 seconds
Mar 16 11:53:15 croghan.birchard.org bootpd[1700]: DHCP REQUEST [en0]: 1,52:41:53:20:d0:67:e5:ed:9f:2:0:0:8:0:0:0 <SARDIS2>
Mar 16 11:53:15 croghan.birchard.org bootpd[1700]: dhcpd: 192.168.1.50 lease extended to INIT/REBOOT client
Mar 16 11:53:15 croghan.birchard.org bootpd[1700]: replying using broadcast IP address
Mar 16 11:53:15 croghan.birchard.org bootpd[1700]: replying to 255.255.255.255
Mar 16 11:53:15 croghan.birchard.org bootpd[1700]: ACK sent SARDIS2 192.168.1.50 pktsize 300
Mar 16 11:53:15 croghan.birchard.org bootpd[1700]: service time 0.001705 seconds
Mar 16 11:53:15 croghan.birchard.org bootpd[1700]: DHCP REQUEST [en0]: 1,52:41:53:20:d0:67:e5:ed:9f:2:0:0:7:0:0:0 <SARDIS2>
Mar 16 11:53:15 croghan.birchard.org bootpd[1700]: dhcpd: 192.168.1.51 lease extended to INIT/REBOOT client
Mar 16 11:53:15 croghan.birchard.org bootpd[1700]: replying using broadcast IP address
Mar 16 11:53:15 croghan.birchard.org bootpd[1700]: replying to 255.255.255.255
Mar 16 11:53:15 croghan.birchard.org bootpd[1700]: ACK sent SARDIS2 192.168.1.51 pktsize 300
Mar 16 11:53:15 croghan.birchard.org bootpd[1700]: service time 0.001372 seconds
Mar 16 11:53:15 croghan.birchard.org bootpd[1700]: DHCP REQUEST [en0]: 1,52:41:53:20:d0:67:e5:ed:9f:2:0:0:6:0:0:0 <SARDIS2>
Mar 16 11:53:15 croghan.birchard.org bootpd[1700]: dhcpd: 192.168.1.52 lease extended to INIT/REBOOT client
Mar 16 11:53:15 croghan.birchard.org bootpd[1700]: replying using broadcast IP address
Mar 16 11:53:15 croghan.birchard.org bootpd[1700]: replying to 255.255.255.255
Mar 16 11:53:15 croghan.birchard.org bootpd[1700]: ACK sent SARDIS2 192.168.1.52 pktsize 300
Mar 16 11:53:15 croghan.birchard.org bootpd[1700]: service time 0.001852 seconds
Mar 16 11:53:15 croghan.birchard.org bootpd[1700]: DHCP REQUEST [en0]: 1,52:41:53:20:d0:67:e5:ed:9f:2:0:0:5:0:0:0 <SARDIS2>

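Answer 1

This isn't meant to solve your long-term problem, but in the short term, cut your lease time down to something very short. Those requests are coming in fast.

The next step is to hop on the switch and look at the ARP table for the MAC address that is making the requests. Then you can identify the switch port. On some switch gear it's: show arp or show mac-address-table

You'll have to look it up. You can start checking the switch gear to pin down the problem device.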
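To find which host is taking multiple leases, the log lines in the question can be grouped by hostname and counted by distinct client identifier. The following is an added example, not part of the original question or answer: it also decodes the 16-byte identifier, whose first four bytes (52:41:53:20) are the ASCII text "RAS ". The function names and the sample log (constructed in the same bootpd format) are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample in the bootpd line format quoted in the question.
SAMPLE_LOG = """\
Mar 16 11:53:15 dhcp1 bootpd[1700]: DHCP REQUEST [en0]: 1,52:41:53:20:d0:67:e5:ed:9f:2:0:0:9:0:0:0 <SARDIS2>
Mar 16 11:53:15 dhcp1 bootpd[1700]: ACK sent SARDIS2 192.168.1.49 pktsize 300
Mar 16 11:53:15 dhcp1 bootpd[1700]: DHCP REQUEST [en0]: 1,52:41:53:20:d0:67:e5:ed:9f:2:0:0:8:0:0:0 <SARDIS2>
Mar 16 11:53:15 dhcp1 bootpd[1700]: ACK sent SARDIS2 192.168.1.50 pktsize 300
Mar 16 11:53:15 dhcp1 bootpd[1700]: DHCP REQUEST [en0]: 1,52:41:53:20:d0:67:e5:ed:9f:2:0:0:7:0:0:0 <SARDIS2>
Mar 16 11:53:15 dhcp1 bootpd[1700]: ACK sent SARDIS2 192.168.1.51 pktsize 300
Mar 16 11:54:02 dhcp1 bootpd[1700]: DHCP REQUEST [en0]: 1,0:1b:63:aa:bb:cc <laptop7>
Mar 16 11:54:02 dhcp1 bootpd[1700]: ACK sent laptop7 192.168.1.20 pktsize 300
"""

REQ = re.compile(r"DHCP REQUEST \[\w+\]: (\d+),([0-9a-fA-F:]+) <([^>]*)>")
ACK = re.compile(r"ACK sent (\S+) (\d+\.\d+\.\d+\.\d+) ")

def parse_client_id(text):
    """bootpd prints each byte as unpadded hex ("2" means 0x02)."""
    return bytes(int(part, 16) for part in text.split(":"))

def ascii_prefix(raw):
    """Leading run of printable ASCII bytes (a text tag placed before the MAC)."""
    n = 0
    while n < len(raw) and 0x20 <= raw[n] < 0x7f:
        n += 1
    return raw[:n].decode("ascii")

def lease_hogs(log_text, max_leases=1):
    """Hosts that used more than max_leases client identifiers or addresses."""
    ids, ips = defaultdict(set), defaultdict(set)
    for line in log_text.splitlines():
        if m := REQ.search(line):
            ids[m.group(3)].add(parse_client_id(m.group(2)))
        elif m := ACK.search(line):
            ips[m.group(1)].add(m.group(2))
    report = []
    for host in sorted(ids):
        if len(ids[host]) > max_leases or len(ips[host]) > max_leases:
            longest = max(sorted(ids[host]), key=len)
            # Only identifiers longer than a 6-byte MAC can carry a text tag.
            tag = ascii_prefix(longest) if len(longest) > 6 else ""
            report.append((host, len(ids[host]), sorted(ips[host]), tag))
    return report

if __name__ == "__main__":
    for row in lease_hogs(SAMPLE_LOG):
        print(row)
```

Each distinct identifier is treated by the server as a separate client, which is why one hostname can hold several leases at once.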
