On 10/21/21 7:05 AM, Shrenik Bhura wrote:
    DHCP Request

     >           Server-ID (54), length 4: 192.168.67.1
     >           Requested-IP (50), length 4: 192.168.67.53
     >           Hostname (12), length 13: "192.168.67.53"

    Client says "My hostname is '192.168.67.53'"

[...]
     >           Hostname (12), length 3: "192"

    Server says "Your hostname is '192'"

Maybe the code that logs this line needs to be checked to see if it is just printing part of the complete hostname, i.e. the IP address.

the problem here is the client looks to be misconfigured if it is telling the server its name is an IP address... they are very different...

i have, however, seen malicious clients doing the same in years past when they have been accessing my servers... they were attempting to throw off investigation about their origins... some even tried to say they were 127.0.0.1 to throw off investigations... it was at this time that both host names and actual origin IPs were logged and the truth was found out...

then there's the malicious DNS servers that also serve up wrong addresses and host names in attempts to hide their true identities... we see a lot of that from certain spaces when wearing our various network security hats and doing deep analysis of malicious traffic... especially from spammers and some botnets...


--
 NOTE: No off-list assistance is given without prior approval.
       *Please keep mailing list traffic on the list unless*
       *a signed and pre-paid contract is in effect with us.*

_______________________________________________
Dnsmasq-discuss mailing list
Dnsmasq-discuss@lists.thekelleys.org.uk
https://lists.thekelleys.org.uk/cgi-bin/mailman/listinfo/dnsmasq-discuss
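
The check discussed in this message, as an added example that is not part of the original thread or of dnsmasq: it parses decoded DHCP option lines in the format quoted above and flags a client-supplied Hostname (option 12) that is an IP literal, a loopback literal, or an all-numeric label such as "192", while keeping the requested IP and server ID next to it for correlation. The function names and verdict strings are hypothetical; the sample packets reuse the option lines quoted in the message.

```python
import ipaddress
import re

# Matches decoded option lines such as:  Hostname (12), length 13: "192.168.67.53"
OPTION_RE = re.compile(r'[\w-]+ \((?P<code>\d+)\), length \d+: (?P<value>.+)$')

def parse_options(packet_text):
    """Return {option_code: value} for one decoded DHCP packet."""
    opts = {}
    for line in packet_text.splitlines():
        m = OPTION_RE.search(line)
        if m:
            opts[int(m.group("code"))] = m.group("value").strip().strip('"')
    return opts

def classify_hostname(name):
    """Classify a client-supplied option 12 value (hypothetical verdict names)."""
    try:
        ip = ipaddress.ip_address(name)
    except ValueError:
        ip = None
    if ip is not None:
        return "loopback-literal" if ip.is_loopback else "ip-literal"
    if name.isdigit():
        return "numeric-label"  # e.g. "192": not a usable name for a host
    return "ok"

def audit(packet_text):
    """Keep the claimed name and the address fields side by side for the log."""
    opts = parse_options(packet_text)
    hostname = opts.get(12)
    verdict = classify_hostname(hostname) if hostname is not None else "no-hostname"
    return {"hostname": hostname, "requested_ip": opts.get(50),
            "server_id": opts.get(54), "verdict": verdict}

# Sample input built from the option lines quoted in the message above.
REQUEST = '''
 >           Server-ID (54), length 4: 192.168.67.1
 >           Requested-IP (50), length 4: 192.168.67.53
 >           Hostname (12), length 13: "192.168.67.53"
'''
REPLY = ' >           Hostname (12), length 3: "192"'

if __name__ == "__main__":
    for pkt in (REQUEST, REPLY):
        print(audit(pkt))
```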
