DHCPd receives a wrong MAC-address from VirtualBox Guest
I have VM which is working with "Host-Only Adapter". I disabled VirtualBox’s built-in DHCP-server. I’ve installed isc-dhcp-server on my hypervisor. Then I added the subnet
subnet 10.10.54.0 netmask 255.255.255.0 {
range 10.10.54.2 10.10.54.254;
option routers 10.10.54.1;
option domain-name-servers 8.8.8.8, 8.8.4.4;
default-lease-time 600;
max-lease-time 7200;
}
And added a fixed address for virtual machine.
host 10-10-54-11 {
hardware ethernet 08:00:27:de:7e:cc;
fixed-address 10.10.54.11;
}
My virtual machine has MAC-address 08:00:27:de:7e:cc. I’m trying to send a DHCP-request from my virtual machine by this command: nmap --script broadcast-dhcp-discover. However, when DHCPd receives a request for offering IP-address for VM, DHCPd shows a completely different MAC-address and doesn’t send a fixed address
root@hypervisor:/etc/dhcp# systemctl status isc-dhcp-server
● isc-dhcp-server.service - ISC DHCP IPv4 server
Loaded: loaded (/lib/systemd/system/isc-dhcp-server.service; enabled; vendor preset: enabled)
Active: active (running) since Mon 2023-11-13 12:28:09 +05; 9min ago
Docs: man:dhcpd(8)
Main PID: 12274 (dhcpd)
Tasks: 1 (limit: 4915)
CGroup: /system.slice/isc-dhcp-server.service
└─12274 dhcpd -user dhcpd -group dhcpd -f -4 -pf /run/dhcp-server/dhcpd.pid -cf /etc/dhcp/dhcpd.conf
Nov 13 12:28:09 hypervisor dhcpd[12274]: you want, please write a subnet declaration
Nov 13 12:28:09 hypervisor dhcpd[12274]: in your dhcpd.conf file for the network segment
Nov 13 12:28:09 hypervisor dhcpd[12274]: to which interface eth0 is attached. **
Nov 13 12:28:09 hypervisor dhcpd[12274]:
Nov 13 12:28:09 hypervisor dhcpd[12274]: Sending on Socket/fallback/fallback-net
Nov 13 12:28:09 hypervisor dhcpd[12274]: Server starting service.
Nov 13 12:28:14 hypervisor dhcpd[12274]: DHCPDISCOVER from de:ad:c0:de:ca:fe via vboxnet4
Nov 13 12:28:15 hypervisor dhcpd[12274]: DHCPOFFER on 10.10.54.3 to de:ad:c0:de:ca:fe via vboxnet4
Nov 13 12:32:39 hypervisor dhcpd[12274]: DHCPDISCOVER from de:ad:c0:de:ca:fe via vboxnet4
Nov 13 12:32:40 hypervisor dhcpd[12274]: DHCPOFFER on 10.10.54.3 to de:ad:c0:de:ca:fe via vboxnet4
Is it a bug? How to fix this problem?
From the comments:
Just tried to set dhcp4: true in my netplan config, then restarted VM and I received my fixed address. Perhaps nmap sends a random MAC-address to DHCP-server.
That’s it, but it is not exactly random. From the beginning of the /usr/share/nmap/scripts/broadcast-dhcp-discover.nse script:
description = [[
Sends a DHCP request to the broadcast address (255.255.255.255) and reports
the results. By default, the script uses a static MAC address
(DE:AD:CO:DE:CA:FE) in order to prevent IP pool exhaustion.
[...]
The MAC address in the DHCP request is exactly the documented one:
DHCPDISCOVER from de:ad:c0:de:ca:fe via vboxnet4
I should have realized that the MAC address actually spells out "dead code cafe". Such playful hexadecimal patterns are common in various diagnostic/identification purposes, like the classic IBM memory fill pattern 0xDEADBEEF or the magic number that identifies Java class files, 0xCAFEBABE.
By using such a "meaningful" MAC address, someone reading the DHCP server logs might guess that the queries are from something other than a regular DHCP client (a nmap script, in this specific case).