logoalt Hacker News

An unusual way for your DHCP server to run out of dynamic IPs

65 pointsby speckxlast Friday at 4:47 PM14 commentsview on HN

https://web.archive.org/web/20260712034557/https://utcc.utor...


Comments

sarguntoday at 3:44 AM

I accidentally took down our corporate network multiple times ~20 years ago, because I was setting up virtual networks with Linux machines acting as l2 bridges, and with proxy_arp to on. The DHCP server only checked for an arp reply, and I caused our server to run out of IPs. It had a cache and nobody knew how to clear it, so we just had to wait it out.

show 2 replies
no_carriertoday at 6:29 AM

I'm more interested to know about the endpoint that was responding to all IPs.

Also, minor nitpick:

> Without that we would have been reduced to tracing through switch ARP tables (for switches smart enough to report that)

You'd only need your switch to have a viewable mac address table rather than an ARP table.

drdexebtjltoday at 3:57 AM

Isn’t that a DoS vulnerability?

show 1 reply
ram_rattletoday at 4:25 AM

lol, nice read.

damian260today at 7:50 AM

[dead]

pixl97today at 1:43 AM

Oh wow, that's a fun one. It sounds like the network card was in promiscuous mode.

The wikipedia page even has a bit about this.

https://en.wikipedia.org/wiki/Promiscuous_mode

>As promiscuous mode can be used in a malicious way to capture private data in transit on a network, computer security professionals might be interested in detecting network devices that are in promiscuous mode. In promiscuous mode, some software might send responses to frames even though they were addressed to another machine.

show 2 replies