Rogue DHCP in the network

I have an x86/64 with 2 Ethernet interfaces.
eth0: PPPoE to the device of the ISP.
eth1: NAT to my network 192.168.1.0/24 DHCP.

The problem I have is that there is a device that has an erroneous functionality and it bridges the LAN/WAN DHCP. So it creates in the LAN a 2nd DHCP server, 192.168.3./24.
Is there a way to stop the bogus DHCP so that 192.168.1.0/24 is the only network?

Constantly, or only during boot?

That would be a question for the vendor of the device?

The issue happens randomly, not only during boot.
I am trying to protect the network from getting an IP from the bogus DHCP server. Is there a way?

If you can customize the DHCP on the rogue device, make it the acting DHCP for the LAN, instead of the x86, but it needs to be able to tell the clients to use the x86 as the default gw.

Or flash it with OpenWrt :slight_smile:

I do not have access to the guest machine.
So no way to block the bogus DHCP?

There's no firewall on the LAN, you can't, unless you put it on a separate interface, I guess.

You do not have access to something on your network?
An interpretation of this is that it is your device that is the rogue. Are you asking here if anyone can help you set up your MITM attack equipment?

I am not attacking anyone, nor do I have an attack device.
What I am saying is that sporadically there is a device in my home that, instead of respecting the network rules and simply listening as a DHCP client, serves as a DHCP server. I am looking for a way to STOP this device from propagating its DHCP server.

Can you provide a network diagram of your home network? I am having trouble understanding where and how this device relates to your home network.
Why do you have a device which you are not in control of?

It is your home. Why do you not have access to the device? Who installed it?

There are two ways to fix this:

  1. Find the device and configure it correctly - but you say you do not have access to it - this does not make any sense if the network is in your home.
  2. Cut the power to the device - you do not need access to it to do that.

Here is my network diagram. Nothing fancy. It consists of:
- ISP's router
- OpenWrt router
- switch

Where it mentions neighbor's PC, that is a next-door friend with whom I'm sharing internet access.
My OpenWrt router has a DHCP server, but sporadically I see that some of my devices cannot access resources in my LAN, nor have access to the Internet. These devices get an IP from a different DHCP server that shouldn't be operating.
Is there any way that I can block the traffic from any other DHCP?

Simple as that, I am not looking to operate and get trained in rogue operations, nor any other conspiracy theory!

How about a guest network?


Stop sharing Internet and verify it's not your neighbor running the rogue DHCP?


By Ethernet too, by the look of it.
Ask your neighbour if he has an old ISP router connected (maybe used as a switch to break out to his wireless network).

If he has, tell him to fix it or fix it for him. You have the ultimate sanction of disconnecting...


You should be able to tcpdump the traffic, see where those DHCP replies are coming from, and then do a MAC lookup, unless you already know which device is causing it.

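As an added example (not part of the original thread): once DHCP replies have been captured as raw Ethernet frames, as the post above suggests, a small parser can flag every server reply that does not come from the expected DHCP server and report the sender's MAC for the lookup. The allowed server 192.168.1.1, the rogue server 192.168.3.1 and both MAC addresses are constructed assumptions.

```python
import ipaddress
import struct

ALLOWED_SERVERS = {"192.168.1.1"}   # assumption: LAN address of the legitimate DHCP server
SERVER_MSGS = {2: "OFFER", 5: "ACK", 6: "NAK"}

def parse_dhcp_reply(frame):
    """Return (src_mac, server_ip, offered_ip, msg) for a DHCP server reply, else None."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00" or frame[23] != 17:
        return None                               # not untagged IPv4 carrying UDP
    udp = frame[14 + (frame[14] & 0x0F) * 4:]     # skip the IPv4 header (IHL words)
    if len(udp) < 8 + 240 or udp[0:2] != b"\x00\x43":
        return None                               # source port is not 67 (bootps)
    bootp = udp[8:]
    if bootp[0] != 2 or bootp[236:240] != b"\x63\x82\x53\x63":
        return None                               # not a BOOTREPLY with the DHCP cookie
    opts, i, found = bootp[240:], 0, {}
    while i < len(opts) and opts[i] != 255:       # walk the options until END
        if opts[i] == 0:                          # PAD has no length byte
            i += 1
            continue
        if i + 1 >= len(opts):
            break                                 # truncated option
        found[opts[i]] = opts[i + 2:i + 2 + opts[i + 1]]
        i += 2 + opts[i + 1]
    msg = found.get(53, b"")                      # option 53: DHCP message type
    if len(msg) != 1 or msg[0] not in SERVER_MSGS:
        return None
    sid = found.get(54, b"")                      # option 54: server identifier
    server = sid if len(sid) == 4 else frame[26:30]   # fall back to the IP source
    return (frame[6:12].hex(":"), str(ipaddress.IPv4Address(server)),
            str(ipaddress.IPv4Address(bootp[16:20])), SERVER_MSGS[msg[0]])

def find_rogue(frames, allowed=ALLOWED_SERVERS):
    """Keep only the server replies whose server is not on the allow-list."""
    replies = filter(None, map(parse_dhcp_reply, frames))
    return [r for r in replies if r[1] not in allowed]

def sample_frame(src_mac, server_ip, offered_ip):
    """Constructed frame (not captured traffic): Ethernet + IPv4 + UDP + DHCPOFFER."""
    srv = ipaddress.IPv4Address(server_ip).packed
    bootp = (bytes([2, 1, 6, 0]) + bytes(12) + ipaddress.IPv4Address(offered_ip).packed
             + bytes(216) + b"\x63\x82\x53\x63\x35\x01\x02\x36\x04" + srv + b"\xff")
    udp = struct.pack("!HHHH", 67, 68, 8 + len(bootp), 0) + bootp
    ip = struct.pack("!BBHHHBBH", 0x45, 0, 20 + len(udp), 0, 0, 64, 17, 0) + srv + b"\xff" * 4
    return b"\xff" * 6 + bytes.fromhex(src_mac.replace(":", "")) + b"\x08\x00" + ip + udp

FRAMES = [sample_frame("02:00:00:00:00:01", "192.168.1.1", "192.168.1.50"),
          sample_frame("02:00:00:00:00:99", "192.168.3.1", "192.168.3.20")]
```

`find_rogue(FRAMES)` returns only the second frame's reply; the MAC in the first field is the one to look up.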

Even without disconnecting, there is no excuse to run a single physical network, a single broadcast domain for two separate households. Something like a guest network for your neighbour's branch of the network (with routed/filtered access to common resources, should you want those) would already solve this issue - that way your neighbour could only mess up their part of the network, not yours.


It is probably a simple matter of connecting the Ethernet feed going to the neighbour to the WAN port of his router if the problem is what I suspect it is.
Maybe the neighbour only connects up when he needs it and sometimes plugs in to a LAN port instead of the WAN port. Only one way to find out, @atux_null - go ask him.

Rather than mess about with a guest network, get a cheap router, or that old one everyone has in a bottom drawer, and use that to block the consequences of anything he does.
