Certain DHCP Broadcasts being dropped?!?
on 12.02.2007 18:05:21 by BJ
I recently noticed entries in the log of my SonicWall indicating that my
Server 2003 SP1 DHCP server appears to be sending a DHCPOFFER broadcast once
every minute. The entries
look like this (server IP changed to protect the innocent):
[Date & Time] - Broadcast packet dropped - Source:172.16.211.8, 67, LAN -
Destination:255.255.255.255, 68, LAN - Protocol: 17 -
Clients on my network are successfully requesting and receiving address
assignments from the DHCP server, so I can't think of any reason why
my firewall would consistently drop only these DHCPOFFER messages; I also
can't figure out "who" the client might be that's sending the requests.
Obviously the client request keeps coming every minute because the reply
from the DHCP server is being dropped, but what the heck is going on here?
- Who is the mystery client?
- Why is the firewall dropping the DHCPOFFER message?
- I have WPA/PSK security on my wireless network, but I can confirm that
*no* clients at all are connected to the APs while this is occurring.
Any help appreciated.
Bryan
Re: Certain DHCP Broadcasts being dropped?!?
on 13.02.2007 00:28:35 by flamer
On Feb 13, 6:05 am, "BJ" wrote:
> I recently noticed entries in the log of my SonicWall indicating that my
> Server 2003 SP1 DHCP server appears to be sending a DHCPOFFER broadcast once
> every minute. The entries
> look like this (server IP changed to protect the innocent):
>
> [Date & Time] - Broadcast packet dropped - Source:172.16.211.8, 67, LAN -
> Destination:255.255.255.255, 68, LAN - Protocol: 17 -
>
> Clients on my network are successfully requesting and receiving address
> assignments from the DHCP server, so I can't think of any reason why
> my firewall would consistently drop only these DHCPOFFER messages; I also
> can't figure out "who" the client might be that's sending the requests.
> Obviously the client request keeps coming every minute because the reply
> from the DHCP server is being dropped, but what the heck is going on here?
>
> - Who is the mystery client?
> - Why is the firewall dropping the DHCPOFFER message?
> - I have WPA/PSK security on my wireless network, but I can confirm that
> *no* clients at all are connected to the APs while this is occurring.
>
> Any help appreciated.
>
> Bryan
Well.. do you have a workstation that cannot acquire an IP address?
I would run a packet analyser like Wireshark (Ethereal) and see the MAC
addresses involved, then you can pinpoint where they are coming from.
Flamer.
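The MAC lookup suggested in the reply above, as an added example that is not part of the original thread: a DHCPOFFER sent to 255.255.255.255 still names its intended client in the `chaddr` field of the DHCP payload, so parsing the UDP payloads of port 67/68 packets taken from a capture shows which MAC the server keeps answering. The MAC addresses, offered IP, hostname and the `build_sample` helper are constructed for the demonstration.

```python
import socket
import struct
from collections import Counter

MAGIC = b"\x63\x82\x53\x63"  # DHCP magic cookie after the 236-byte BOOTP header
TYPES = {1: "DISCOVER", 2: "OFFER", 3: "REQUEST", 5: "ACK", 6: "NAK", 8: "INFORM"}

def parse_dhcp(payload):
    """Parse the UDP payload of a port 67/68 packet; return None if it is not DHCP."""
    if len(payload) < 240 or payload[236:240] != MAGIC or payload[2] > 16:
        return None
    hlen, flags = payload[2], struct.unpack("!H", payload[10:12])[0]
    opts, i = {}, 240
    while i + 1 < len(payload) and payload[i] != 255:  # 255 = end option
        if payload[i] == 0:                             # 0 = pad, has no length byte
            i += 1
            continue
        code, length = payload[i], payload[i + 1]
        value = payload[i + 2:i + 2 + length]
        if len(value) < length:                         # truncated option: stop parsing
            break
        opts[code] = value
        i += 2 + length
    mtype = opts.get(53) or b"\x00"                     # option 53 = DHCP message type
    return {"type": TYPES.get(mtype[0], "UNKNOWN"),
            "client_mac": ":".join(f"{b:02x}" for b in payload[28:28 + hlen]),
            "offered_ip": socket.inet_ntoa(payload[16:20]),   # yiaddr
            "broadcast": bool(flags & 0x8000),                # client asked for broadcast reply
            "hostname": opts.get(12, b"").decode("ascii", "replace")}

def build_sample(msg_type, mac, xid, yiaddr="0.0.0.0", hostname=b""):
    """Construct a DHCP payload for the demonstration (not captured traffic)."""
    hdr = struct.pack("!BBBBIHH", 2 if msg_type in (2, 5, 6) else 1, 1, 6, 0, xid, 0, 0x8000)
    hdr += bytes(4) + socket.inet_aton(yiaddr) + bytes(8)    # ciaddr, yiaddr, siaddr+giaddr
    hdr += bytes.fromhex(mac.replace(":", "")).ljust(16, b"\0") + bytes(192)
    opts = bytes([53, 1, msg_type])
    if hostname:
        opts += bytes([12, len(hostname)]) + hostname
    return hdr + MAGIC + opts + b"\xff"

def offers_by_client(payloads):
    """Count DHCPOFFERs per client MAC (chaddr) to see who the server keeps answering."""
    msgs = filter(None, map(parse_dhcp, payloads))
    return Counter(m["client_mac"] for m in msgs if m["type"] == "OFFER")

# Constructed input: three offers to one MAC, one discover from another, one non-DHCP blob.
SAMPLES = [build_sample(2, "02:00:00:aa:bb:01", 0x1000 + n, "172.16.211.50") for n in range(3)]
SAMPLES += [build_sample(1, "02:00:00:aa:bb:02", 0x2000, hostname=b"printer01"), b"not dhcp"]
print(offers_by_client(SAMPLES))
```
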