Thu, Feb 13, 2020 6:33 AM

unknown DHCP requests coming from router

Router Model: ARRIS BGW210-700

Software Version: 2.5.6

I've been fed up with the abysmally restricted wifi features of this thing since I switched from cable (with my own DD-WRT access point) to fiber with this junk access point a couple years ago. My complaints are mostly related to DHCP functionality. I've finally taken the plunge and turned off the DHCP service in the router and activated a local DHCP Server on my linux system on my network. Everything is working great! I am finally once again able to allocate every device a fixed IP address as I used to do, instead of being limited to 16. I can finally specify my own DNS choice instead of AT&T's stupid server that advertises at you for typos resulting in nonexistent domains.

Except, this router is flooding me with a DHCPREQUEST for an address outside the range of my "unknown MAC" allocation pool.

This router has 3 MACs listed in it's panels:

4C:12:65:xx:yy:60 -- Wifi 2.5 GHz radio

4C:12:65:xx:yy:61 -- Broadband WAN

4C:12:65:xx:yy:61 -- also Wifi Guest Network ???

4C:12:65:xx:yy:63 -- Wifi 5 GHz radio

(The xx:yy: part is the same for all of these, just redacted here because the info is not needed.)

The MAC making the DHCPREQUEST is: 4C:12:65:xx:yy:62

I finally gave in and configured my DHCP server to allocate it an IP address. It seems to be sitting happy doing absolutely nothing. An nmap scan shows all 65536 ports are closed, so no way to connect in to it at all.

Any idea what this is?

I'm about ready to assign it an IP address the won't work on my network, but I'd really like to figure it out first.





2 months ago

Additional detail:

My AT&T router continues to make a DHCP client connection to my DHCP server:

Feb 15 18:41:17 dhcpd: DHCPREQUEST for 192.168.1.X from 4c:12:65:xx:yy:62 (BGW210) via eth0

Feb 15 18:41:17 dhcpd: DHCPACK on 192.168.1.X to 4c:12:65:xx:yy:62 (BGW210) via eth0

It even identifies itself as "BGW210".

It remains completely closed off to outside connection:

# nmap -Pn -p0- -v -A -T4 192.168.1.X

Starting Nmap 5.51 ( ) at 2020-02-15 23:45 EST

NSE: Loaded 57 scripts for scanning.

Initiating ARP Ping Scan at 23:45

Scanning 192.168.1.X [1 port]

Completed ARP Ping Scan at 23:45, 0.01s elapsed (1 total hosts)

mass_dns: warning: Unable to determine any DNS servers. Reverse DNS is disabled. Try using --system-dns or specify valid servers with --dns-servers

Initiating SYN Stealth Scan at 23:45

Scanning 192.168.1.X [65536 ports]

Completed SYN Stealth Scan at 23:46, 39.77s elapsed (65536 total ports)

Initiating Service scan at 23:46

Initiating OS detection (try #1) against 192.168.1.X

Retrying OS detection (try #2) against 192.168.1.X

Nmap scan report for 192.168.1.X

Host is up (0.025s latency).

All 65536 scanned ports on are closed

MAC Address: 4C:12:65:xx:yy:62 (Unknown)

Too many fingerprints match this host to give specific OS details

Network Distance: 1 hop



1 25.12 ms 192.168.1.X

Read data files from: /usr/share/nmap

OS and Service detection performed. Please report any incorrect results at .

Nmap done: 1 IP address (1 host up) scanned in 41.59 seconds

Raw packets sent: 65874 (2.900MB) | Rcvd: 65874 (2.636MB)


I have now configured my DHCP server to give it a bogus address and gateway at its next renewal, so we'll see what happens.




Well, it really doesn't like that. It's accepting the bad address but keeps asking for a new one anyway every few seconds. I guess it doesn't like being able to reach wherever it's trying to reach.




The good news is the fiber modem's inabilty for it's unknown function to reach anything doesn't seem to impair its proper function.

It's still trying to get a "good" address from my dhcp server a much higher rate than it should, but other than that I've not noticed any problems with internet access/speed.

