Services

Using 1.3b2 pc-generic.
This line appears in my DHCP leases and has since probably March 29. I can't seem to find any mention of this type of thing in the list archive or google. The IP address is valid for my network and the start time is likely accurate, but the MAC address is obviously a fabrication of some sort, and what the heck is with the expiry time?

10.0.200.222     00:ab:00:00:00:00          2007/03/29 15:34:09     1969/12/31 16:59:59

I noticed this probably within a couple days of March 29 and created a fw rule to log any traffic to/from that IP, but no related entries to date.

So what created such a lease?
Is it going to stay there until a reboot of m0n0?

Thanks,
db

that's definitely not a valid MAC address. Well, it's "valid", but it's not one you would find on any NIC, as 00:ab:00 isn't assigned to any vendor.

The expiry time is strange, but makes a little sense at least. Unix systems do some internal time keeping by counting seconds since the epoch, which is 00:00:00 UTC January 1, 1970. Depending on your time zone, that time may be sometime after 1/1/70 in UTC.
info on the Unix epoch for anyone that's interested:
http://en.wikipedia.org/wiki/Unix_time

As for what created it....  you tell us, what's on your network? You have an open wireless access point or something, where some outside could have attached to your network?

Well, it could have been anybody, as we have many customers on the network, all DHCP, and no MAC address control.

So I guess somebody just went on with a spoofed MAC and incorrect clock. Can I delete the lease without rebooting? Maybe upload a new dhcp-leases file or its equivalent?

db

Ah, so it's hard to say what was on your network at the time. Be really hard to figure out what caused it then.

I wouldn't worry about it being there. I guess you could use exec.php to download the leases file, edit out that line, then upload the changed leases file.

Yeah, that worked.