hello all,
someone i know has a problem that might be pretty common. i post
it in case someone has already done the research and solved the
common problem :).
he has a windows based network (clients are w98, w2k, wxp and
some linux) and a linux firewall/transparent_proxy/bandwidth_manager.
if a client (usually w98, although the other OSes can be cracked,
particularly if a floppy or CD drive is available) is reconfigured
by users to use a different IP number, often the IP number collides
with some other client that already uses that number.
the other client gets a message that there is an IP collision and
then LAN and internet access basically stops working for both
clients (i think, i didn't observe deeply, it might be that one
keeps working and the other loses LAN connectivity, or they
might just both become unstable, my most recent test though
had both computers lose LAN connectivity).
all the clients are behind several switches (they currently have
100 or so clients, target is to grow to around 400 clients, but
slowly). all the switches connect to the linux box. the linux
box is connected, on its other ethernet card, to the cisco router.
c0-
c1 \
c2 --- switch1-
c3 /          \
c4-            \
                ---eth0 [ linux ] eth1---cisco --- world
c5-            /
c6 \          /
c7 -- switch2-/
c8 /
c9-
in the general case, is there some good solution to this? he is
considering some sort of iptables ip<==>mac address mapping
rule. we can already enforce mac mapping by having a rule
that specifies that only if a given IP has a given MAC address
is it allowed to connect to the internet. but that just discourages
people from changing their OWN IPs. it doesn't discourage them
from causing a DoS for someone else. if they can sit at a public
client, they can actively DoS any other person they want just
by setting that client's IP to the IP of the other person's
personal PC.
what tool could he use to determine what the mac addresses are
of the two (or more) computers that have the same IP? if there's
no obvious tool then he might have to go to a network sniffer
like ethereal or tcpdump. he'd like to use something a little
friendlier though, if available. if tcpdump or something else, is
there already a front end available for this specific purpose? i.e.,
type in the IP number and all mac addresses using that IP are
displayed?
the mac addresses could be useful since he could do an inventory
of all mac addresses of all NICs and what computers they're in.
so if he could get the offending mac addresses he could fix any
problems sooner.
he'd like to switch clients to linux, but that's not going to happen
anytime soon due to inertia and user and management resistance.
for some reason he's not ready to go with DHCP, although that
would solve much of the problem (clients can still be used to
DoS other clients, but it would be harder to target any particular
person's computer since the IP numbers would not stay the
same).
the IP->mac address mapping stuff is, of course, not really a
solution. it's just a band-aid. what would be a real solution
for this (apart from switching to some client OS where changing
the IP isn't trivial :).
thanks for any pointers.
tiger
--
Gerald Timothy Quimpo gquimpo*hotmail.com tiger*sni*ph
Public Key: "gpg --keyserver pgp.mit.edu --recv-keys 672F4C78"
I am being nibbled to death by ducks.
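An added example (not from the original post or any tool it names) of the "type in the IP and see every MAC using it" idea: the Linux box sees the ARP traffic from every client, and an IP collision shows up as two different sender MACs claiming the same sender IP in ARP packets. The parser below works on raw Ethernet/ARP frames; the frames are constructed inline for illustration, and capturing live frames (raw socket or libpcap) is assumed to be done elsewhere.

```python
import struct
from collections import defaultdict

ETHERTYPE_ARP = 0x0806  # Ethernet type field value for ARP


def mac_str(b):
    return ":".join(f"{x:02x}" for x in b)


def ip_str(b):
    return ".".join(str(x) for x in b)


def parse_arp(frame):
    """Return (sender_ip, sender_mac) from an Ethernet/ARP frame, else None."""
    if len(frame) < 42 or struct.unpack("!H", frame[12:14])[0] != ETHERTYPE_ARP:
        return None
    # ARP header: htype(2) ptype(2) hlen(1) plen(1) oper(2), then sha/spa/tha/tpa
    htype, ptype, hlen, plen, _oper = struct.unpack("!HHBBH", frame[14:22])
    if htype != 1 or ptype != 0x0800 or hlen != 6 or plen != 4:
        return None  # only Ethernet/IPv4 ARP is handled
    return ip_str(frame[28:32]), mac_str(frame[22:28])


def build_arp(src_mac, src_ip, oper=2):
    """Construct a broadcast ARP frame (test input only, not captured data)."""
    eth = b"\xff" * 6 + src_mac + struct.pack("!H", ETHERTYPE_ARP)
    arp = struct.pack("!HHBBH", 1, 0x0800, 6, 4, oper) + src_mac + src_ip
    return eth + arp + b"\x00" * 10  # target MAC/IP zeroed for simplicity


def find_conflicts(frames):
    """Map sender IP -> MACs seen claiming it; keep only IPs with more than one."""
    seen = defaultdict(set)
    for frame in frames:
        parsed = parse_arp(frame)
        if parsed:
            ip, mac = parsed
            seen[ip].add(mac)
    return {ip: sorted(macs) for ip, macs in seen.items() if len(macs) > 1}


# Constructed sample: two NICs announcing 192.168.1.10, one NIC on 192.168.1.20.
SAMPLE_FRAMES = [
    build_arp(bytes.fromhex("001122334455"), bytes([192, 168, 1, 10])),
    build_arp(bytes.fromhex("00aabbccddee"), bytes([192, 168, 1, 10])),
    build_arp(bytes.fromhex("00aabbccddee"), bytes([192, 168, 1, 10])),
    build_arp(bytes.fromhex("000c29000001"), bytes([192, 168, 1, 20])),
]

if __name__ == "__main__":
    for ip, macs in find_conflicts(SAMPLE_FRAMES).items():
        print(f"{ip} claimed by {', '.join(macs)}")
```

Feeding a few minutes of captured ARP frames through find_conflicts gives exactly the offending MAC pairs to check against a NIC inventory.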
--
Philippine Linux Users' Group (PLUG) Mailing List
[EMAIL PROTECTED] (#PLUG @ irc.free.net.ph)
Official Website: http://plug.linux.org.ph
Searchable Archives: http://marc.free.net.ph