OpenWRT dhcp-lease file arping-based host-removal (dnsmasq)

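This script helps mitigate DHCP starvation DoS attacks: it ARP-probes every address in the dnsmasq lease file and removes the leases of hosts that do not answer. It is not foolproof, because an attacker who can fake ARP replies for the leased addresses keeps those leases alive.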

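# Clear state left over from a previous run (-f: no error if nothing matches)
rm -f /tmp/arp.*
# Probe every leased IP (field 3 of the lease file) in parallel, one ARP request each
awk '{ print $3 }' /tmp/dhcp.leases | while read a ; do
  ( arping -f -q -c 1 -w 1 -I br-lan "$a" || echo "$a" > /tmp/arp.host."$a" ) &
done
# Give the background probes time to finish
sleep 3
# Drop the lease of every host that did not answer
cat /tmp/arp.host.* 2>/dev/null | while read a ; do
  # Compare field 3 exactly: a sed pattern built from "$a" would also delete
  # 192.168.1.10 and 192.168.1.100 when removing 192.168.1.1
  awk -v ip="$a" '$3 != ip' /tmp/dhcp.leases > /tmp/arp.leases && cat /tmp/arp.leases > /tmp/dhcp.leases
  touch /tmp/arp.run
done
# Restart dnsmasq only if at least one lease was removed
if [ -f /tmp/arp.run ] ; then
  kill $(ps | grep -i 'dnsmasq' | grep -iv 'grep' | awk '{ print $1 }')
  /usr/sbin/dnsmasq -C /var/etc/dnsmasq.conf -k -x /var/run/dnsmasq/dnsmasq.pid &
fi
rm -f /tmp/arp.*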
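
An added example (not part of the original post) that isolates the lease-removal step: it runs a substring pattern and an exact comparison on the IP field against a constructed lease file, showing that only the exact comparison leaves 192.168.1.10 and 192.168.1.100 alone when 192.168.1.1 is removed. The function names and the sample leases are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example, not from the original post. Function names are hypothetical.
# dnsmasq lease line: <expiry> <mac> <ip> <hostname> <client-id>

# Pattern-based removal: the dots in the IP match any character and the
# pattern is unanchored, so 192.168.1.1 also matches 192.168.1.10 and .100.
prune_substring() {   # $1 = lease file, $2 = IP to drop
  sed "/^.*$2.*$/d" "$1"
}

# Exact removal: drop a line only when field 3 equals one of the given IPs.
prune_exact() {       # $1 = lease file, $2... = IPs to drop
  leases=$1 ; shift
  awk -v drop="$*" '
    BEGIN { n = split(drop, a, " "); for (i = 1; i <= n; i++) gone[a[i]] = 1 }
    !($3 in gone)' "$leases"
}

# Constructed sample lease file (addresses and MACs are made up).
make_sample() {
  cat > "$1" <<'EOF'
1700000000 aa:bb:cc:00:00:01 192.168.1.1 host-a *
1700000000 aa:bb:cc:00:00:0a 192.168.1.10 host-b *
1700000000 aa:bb:cc:00:00:64 192.168.1.100 host-c *
1700000000 aa:bb:cc:00:00:02 192.168.1.2 host-d *
EOF
}

# Run one prune function on a fresh sample; print the surviving IPs on one line.
remaining() {         # $1 = prune function, $2... = IPs to drop
  fn=$1 ; shift
  tmp=$(mktemp) ; make_sample "$tmp"
  "$fn" "$tmp" "$@" | awk '{ printf "%s%s", sep, $3; sep = " " } END { print "" }'
  rm -f "$tmp"
}

echo "substring match keeps: $(remaining prune_substring 192.168.1.1)"
echo "exact match keeps:     $(remaining prune_exact 192.168.1.1)"
```

Both functions print the pruned lease list to standard output and leave the input file untouched.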