OpenWRT dhcp-lease file arping-based host-removal (dnsmasq)

To help prevent DHCP starvation DoS attacks (not fool-proof though if you can fake ARP replies back)

rm /tmp/arp.*
cat /tmp/dhcp.leases | awk '{ print $3 }' | while read a ; do
  ( arping -f -q -c 1 -w 1 -I br-lan "$a" ; if [ $? -ne 0 ] ; then echo "$a" > /tmp/arp.host."$a" ; fi ) &
done
sleep 3
cat /tmp/arp.host.* | while read a ; do
  sed "/^.*$a.*$/d" -i /tmp/dhcp.leases
  touch /tmp/arp.run
done
if [ -f /tmp/arp.run ] ; then
  kill `ps | grep -i 'dnsmasq' | grep -iv 'grep' | awk '{ print $1 }'`
  /usr/sbin/dnsmasq -C /var/etc/dnsmasq.conf -k -x /var/run/dnsmasq/dnsmasq.pid &
fi
rm /tmp/arp.*

Leave a comment Cancel reply

Design a site like this with WordPress.com