Jozef Mares – jozefmares.com

Jozef Mares

Encountering a DHCP error on your Mac can be a frustrating experience, as I know from personal experience. I spent several Saturday hours trying to debug issues with my network. In this article, we’ll go over some common reasons why you might not be getting an IP address from your DHCP server on macOS, and how you can troubleshoot and fix the issue.

The symptoms of the problem typically involve your Mac using a self-assigned IP address instead of obtaining one from the DHCP server. I initially thought that the issue might be with my network setup, which includes a gateway device (based on Turris Omnia), VLANs, firewalling, a switch, and a dedicated AP connected to the switch. There are many moving parts in such a setup, so there were plenty of opportunities for things to go wrong.

To diagnose the issue, I checked the logs on the gateway device and found repeating messages indicating that DHCP offers were being sent but no DHCP requests were being received.

Apr 2 13:04:23 gw dnsmasq-dhcp[5085]: DHCPDISCOVER(lan0.150) --REDACTED_MAC--
Apr 2 13:04:23 gw dnsmasq-dhcp[5085]: DHCPOFFER(lan0.150) --REDACTED_IP-- --REDACTED_MAC--.

I used tcpdump to capture the traffic and confirmed that there were no DHCP requests being sent by my Mac.

tcpdump -i lan0.150 port 67 or port 68

13:34:55.138920 IP 0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP, Request from --REDACTED_MAC-- (oui Unknown), length 300
13:34:55.139467 IP 192.168.150.1.67 > 192.168.150.3.68: BOOTP/DHCP, Reply, length 311
13:35:03.421299 IP 0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP, Request from --REDACTED_MAC-- (oui Unknown), length 300

Just for the uninitiated, here is what proper DHCP communication looks like:

CLIENT -> DHCPDISCOVER
SERVER -> DHCPOFFER
CLIENT -> DHCPREQUEST
SERVER -> DHCPACK
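
The symptom in the gateway log (DHCPOFFER going out, no DHCPREQUEST coming back) can be checked mechanically against the four-step exchange above. This is an added example, not code from the original post: it walks dnsmasq-dhcp log lines and reports clients that keep receiving offers without answering. The sample log is constructed, and the MAC addresses, the hostname and the stalled_clients helper are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample in dnsmasq's syslog format; MACs and hostname are made up.
SAMPLE_LOG = """\
Apr 2 13:04:23 gw dnsmasq-dhcp[5085]: DHCPDISCOVER(lan0.150) 02:00:00:00:00:01
Apr 2 13:04:23 gw dnsmasq-dhcp[5085]: DHCPOFFER(lan0.150) 192.168.150.3 02:00:00:00:00:01
Apr 2 13:04:31 gw dnsmasq-dhcp[5085]: DHCPDISCOVER(lan0.150) 02:00:00:00:00:01
Apr 2 13:04:31 gw dnsmasq-dhcp[5085]: DHCPOFFER(lan0.150) 192.168.150.3 02:00:00:00:00:01
Apr 2 13:04:40 gw dnsmasq-dhcp[5085]: DHCPDISCOVER(lan0.150) 02:00:00:00:00:02
Apr 2 13:04:40 gw dnsmasq-dhcp[5085]: DHCPOFFER(lan0.150) 192.168.150.4 02:00:00:00:00:02
Apr 2 13:04:40 gw dnsmasq-dhcp[5085]: DHCPREQUEST(lan0.150) 192.168.150.4 02:00:00:00:00:02
Apr 2 13:04:40 gw dnsmasq-dhcp[5085]: DHCPACK(lan0.150) 192.168.150.4 02:00:00:00:00:02 laptop
Apr 2 13:04:48 gw dnsmasq-dhcp[5085]: DHCPDISCOVER(lan0.150) 02:00:00:00:00:01
Apr 2 13:04:48 gw dnsmasq-dhcp[5085]: DHCPOFFER(lan0.150) 192.168.150.3 02:00:00:00:00:01
"""

# Message type, interface in parentheses, then the first MAC address on the line.
EVENT = re.compile(
    r"dnsmasq-dhcp\[\d+\]: DHCP(DISCOVER|OFFER|REQUEST|ACK|NAK)\(([^)]+)\)"
    r".*?\b((?:[0-9a-f]{2}:){5}[0-9a-f]{2})\b", re.I)

def stalled_clients(log_text, min_offers=2):
    """Return {(iface, mac): n} for clients whose last n OFFERs went unanswered."""
    unanswered = defaultdict(int)
    for line in log_text.splitlines():
        m = EVENT.search(line)
        if not m:
            continue  # not a dnsmasq DHCP event line
        kind, iface, mac = m.group(1).upper(), m.group(2), m.group(3).lower()
        key = (iface, mac)
        if kind == "OFFER":
            unanswered[key] += 1
        elif kind in ("REQUEST", "ACK"):
            unanswered[key] = 0  # client answered the offer; handshake progressed
    return {k: n for k, n in unanswered.items() if n >= min_offers}

if __name__ == "__main__":
    for (iface, mac), n in stalled_clients(SAMPLE_LOG).items():
        print(f"{mac} on {iface}: {n} offers sent, no DHCPREQUEST seen")
```

A client that shows up here while other clients on the same interface complete the handshake points at the client side rather than the server or VLAN path.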

Manually setting the IP address confirmed that the network was working, which meant that the issue was with macOS.

Further investigation using the Console app revealed an error log related to DHCP, indicating that my Mac was stuck in the “INIT waiting” state.

DHCP en0: INIT waiting at 4 for 4.107551

After searching online (for example here or here), I found similar issues reported by other users, which led me to suspect that the network cache on my Mac was corrupted. But before that I fiddled for another two hours with networking because I ignored info I had already found. :)

One common cause of DHCP issues on macOS is a corrupted network cache. This can occur due to outdated or conflicting network configurations, previous network connections that were not properly closed, or a malfunctioning network daemon. To troubleshoot this issue, you can try resetting your network configuration and cache by running the following commands in Terminal:

sudo dscacheutil -flushcache 
sudo killall -HUP mDNSResponder

If resetting the network configuration doesn’t work, you can try updating your macOS to the latest version, which may include bug fixes related to networking.

In my case, I had an update pending, so I triggered it and rebooted my Mac. After the update, everything worked correctly. I assume that there was something wrong with the network daemon, and the update triggered a cache flush, which resolved the issue.

In conclusion, encountering a DHCP error on macOS can be frustrating, but with a little troubleshooting, you can usually fix the issue. Remember to check your network configuration, reset your network cache, and update your macOS to the latest version. If all else fails, booting into single-user mode can help you diagnose the issue further.

Maintaining a clear headspace is crucial for me to be productive and avoid additional stress. To achieve this, I adopt an ivory tower mentality, which I refer to as my “shields-up procedure” or “harsh editor protocol.” The latter name comes from my language teacher, who was a pro at cutting unintentional content from my school work and had a significant impact on the way I think and write.

In terms of my online and computing habits, I practice strict ad-blocking for both sanity and security reasons. I use Safari as my browser and have several extensions installed, including Hush, Super Agent, Vinegar, and Wipr. Additionally, I use a self-hosted VPN with WireGuard and deploy it with a network-based ad-blocker. For this, I use Pi-hole in an LXC container.

I have a self-hosted music library, but I also use Spotify for discovery. I pay for the ad-free version as the ads can be very obtrusive and listening to the same ad repeatedly drives me crazy. I rarely watch TV but have noticed that the bombardment of ads makes it an unpleasant experience. I choose to cut out the ads by paying for the ad-free version and avoid TV when possible. For the last few years I have generally not watched many movies or shows, so TV is really obsolete for me.

To avoid mindless browsing on social media and news platforms, I focus on the tasks at hand and make a conscious effort to engage in activities I enjoy, such as snowboarding, skateboarding, reading, going for walks, visiting coffee shops, cooking, gardening, and simply looking at the wall.

For news consumption, I use RSS feeds, and Twitter’s RSS feature through Nitter (https://nitter.net/$USERNAME/rss). I also prefer to consume curated news rather than focus on developing situations that don’t directly affect me. For example, I use the Current Events portal on Wikipedia instead of local “infotainment news.” If you struggle with muscle memory typing (e.g. typing a news portal address automatically), I suggest blocking the domain on Pi-hole or via /etc/hosts. It worked for me.

I try not to pick up my phone as soon as I wake up in the morning. Instead, I take a few minutes to make coffee, go to the bathroom, and think about what’s ahead of me. I also focus on doing more of what works and less of what doesn’t, which can be surprisingly difficult.

While it is challenging to avoid ads in real life, such as billboards and posters, I choose to ignore them. Growing up in Eastern Europe in the 90s exposed me to numerous billboards, making me effectively blind to on-street ads.

Regarding society, I’m not particularly interested in other people’s work lives unless they are passionate about it or work on something interesting. I prefer to ask about their hobbies and pastimes instead of their job.

Toxic environments like Facebook (conspiracies and crazy people), Instagram (I know I am not a supermodel), and TikTok (hell no) can be draining, so I avoid them. Instead, I use curated Twitter, Mastodon, and specific subreddits related to my interests in Dev/IT/security. Over time, I’ve joined various group chats and left as many. I have at least a few cybersecurity-related group chats, some for development, a few with close friends, and some related to skateboarding. I find this approach more beneficial than hunting for information on social media and being at the mercy of random algorithms designed to feed me more ads.

When it comes to personal relationships, I edit my friends and family ruthlessly. People come and go, and our lives take different paths. If a relationship exhausts me, I take the time to re-evaluate and consider moving on. I am approaching my forties and my time is limited. I have circa 25 active years and with some luck another forty years on this rock.

Lastly, I periodically evaluate my surroundings to determine if I’m content. I have a simple note where I actively write about my location, the activities I’m doing, the people I’m meeting, and other aspects of my life. I grab coffee or tea and evaluate what’s happening around me. If I am unhappy with the work I am doing for a longer time, I improve the situation or move on. It is also interesting to observe how perception changes over time.

Finally, I try not to get caught up in the hype around side hustles, FIRE, cryptocurrency, and other trending topics. I give zero fucks about the opinions of “thread-bois” and “crypto-bros” who are just trying to sell their dreams and make money off subscriptions. Instead, I stay focused on what matters to me and help people I care about. That is living in an Ivory Tower for me.

Seems like ransomware is getting traction, since I was asked for my opinion on the topic 3 times last week.

What is going on with ransomware, how do we deal with it, and is it going away? Short answer – no. Here is why.

It is a business thing

First-time founders think having an awesome product is the most important thing to succeed. Once they mature a little bit, they find out marketing and distribution are the real deal.

10 years ago, it was pretty popular to extort e-commerce and content companies with DDoS attacks. I personally had the “pleasure” of dealing with this issue 3 times. Two times we were able to blackhole the DDoS traffic and implement what we called a hillbilly CDN; once the customer decided to pay.

Let’s take a look at the problem from a business perspective. Using DDoS as a product, you have to act in real time to create pressure and have to solve payment infrastructure (anyone remember eGold or payment in vouchers?). Scaling was hard, as your DDoS infrastructure has only a certain capacity. DDoS capacity was changing very fast, as your hacked machines were of interest to other groups. This business didn’t scale well and distribution was hard.

Since extortion is a multinational technological industry with agile transformation (like a shady Amazon), the need for transformation was there. Payment infrastructure (part of the distribution problem) was solved by BTC. Side note – BTC is not anonymous, and it seems that is not a problem. The product was there – encryption malware, and this product scales very well compared to DDoS (e.g. when you have 1000 victims in the pipeline, your cost of service does not grow linearly). Early versions of most ransomware had issues (remember, it is an agile industry) with weak encryption algorithms, keys stored in memory etc. Probably the normal developer thing – not invented here, I will make my own cipher suite. This was eliminated by using industry-standard encryption algorithms.

Product-market fit was easy. Encrypt and extort. There is churn (e.g. 40% will not pay as they have backups, 20% will not pay as they do not have resources – you can provide discounts) – you get the idea. 

I mentioned it is an agile industry, and here is the thing – you need faster distribution (a bigger pipeline for your churn), and for the last two years I have seen offers like this multiple times: introduce our ransomware to your corporate environment and get 30% of profits (business thing – commission-based model). Another model – start your own ransomware with our platform. We will handle payments and create ransomware packages; you will take care of support and find victims (franchise/sometimes MLM model).

You can see – ransomware is really just a business. You have customer support, development, finance people etc. and probably even some board meetings. :)

To conclude – there is a great product-market fit, the profits are there and most businesses can’t compete with an agile tech industry (see newspapers vs Facebook, local shops vs Amazon).

It is a political problem

If there are countries which support ransomware gangs, provide legal infrastructure (or decide not to enforce the law) and even profit from ransomware (North Korea, Russian intelligence units), the situation is not going to change. It is relatively harmless to profit from ransomware; there is not going to be military action in response to a ransomware attack (so far; in the future this will change) and investigation takes a long time. Worst case scenario – you will play the diplomacy card. The cost/benefit analysis speaks for ransomware.

It is a technical problem

The technological landscape in the average household and organization is getting more complex every year. Just think how many new devices you got in the last two years. For corporations it is worse. Cloud has removed the perimeter and remote work moved security boundaries to the homes of your employees. Shadow IT is omnipresent – it is not just that people bring their own cell phones. Your data are in various services like dashboards, note-taking apps etc. All these things are creating a super-complex landscape.

And cybersecurity is constantly failing. Why cybersecurity is failing is a topic for another time. Long story short – cybersecurity does not scale well and the immediate response is always more compliance and rules instead of root cause analysis.

A lot of cybersecurity problems can be solved by proper hygiene, and that is where almost every company is failing – asset management, monitoring and incident response. At least 50% of the organizations I speak with talk about what kind of countermeasures they are doing and what tools they are buying. Rarely do I hear about incident response, resilience, reliability and continuity planning. It is almost like most people do not plan for failure and act surprised when an incident happens.

Why is ransomware getting traction now?

1. Ransomware is a commodity and the requirements for entering the business are low – almost no technical skill required.

2. The complexity of the landscape is increasing every year (read: more things to attack and more ways to get access), which helps fill the extortion pipeline.

3. Little readiness for incidents – no backups, no incident handling planning, zero focus on resilience.

What’s next?

More ransomware, of course. The difference is that this is going to be more present for industrial organizations. How many manufacturers are not going to pay a ransom if they must deliver just-in-time? When ransomware hits targets like Colonial Pipeline or other critical infrastructure, how probable is it that they will not pay the extortion? I have heard a few times that things are going to change, that there will be legislation and new regulations. Might be, but that is what we have been doing for the last 20 years. Are we more secure?

If you are not planning for an incident, buy some BTC; there is a good conversion rate these days.