Anarcho DHCP

There is a non-negligible number of things that you learn by mistake. And if you know me, I make a lot of mistakes. Ergo, I learn a lot of things — even if they mostly have no useful purpose.

Yet, this is useful: Even if you have assigned an IP address to your WiFi interface that is different from the subnet you've joined, if dnsmasq is running, you might still give a DHCP lease to any other device that enters the network.

I already knew that from wired networks, yet I hadn't thought that the same "accident" could happen in wireless networks. Not until I heard my lovely girlfriend's voice say something like:

I don't have internet!

Instead of the usual, she had been assigned an address in the subnet — which happens to be my laptop's subnet for sharing internet over WiFi/hostapd.

However, hostapd hadn't been running on my laptop, and she was connected to the right AP anyway. Yet somehow my laptop's dnsmasq must have got the DHCP discover message anyway, and answered it faster than the router.

From that, I assumed that no matter if you're on a wired or wireless connection, rogue DHCP servers may be a problem. When I stated my discovery among my colleagues, the reaction I got was something along the lines of "of course — and it's not the first time your computer does that — fix your fucking networking!", followed by:

flor> ayekat: if I were the network operator I'd ban your account right away if you
      did that

Interestingly, even if the AP runs a DHCP server on its own, it broadcasts the DHCP discover packet. This might seem weird at first glance, but then again hostapd and dnsmasq are two different processes (that may as well run on two different devices), and things still work as expected if all is set up correctly.

If things are set up correctly.

For my part, I have decided not to put any IP addresses on my ethernet and WiFi interfaces that may be subject to accidental DHCP lease offers by dnsmasq, put a static address on my ethernet interface (for emergencies), and assign IP addresses manually to an interface if necessary — after all, it doesn't happen each day that I share my internet connection.
