Re: The tale of a single MAC

2011-01-02 Thread Mikael Abrahamsson

On Mon, 3 Jan 2011, Dobbins, Roland wrote:

> I remember that there were several high-profile instances of duplicate
> MAC addresses being burnt into NICs during the 1990s - once every 2-3
> years, IIRC.  And those were just the ones that were discussed publicly.


D-Link shipped NAT-boxes around 2003-2004 or so with identical MAC 
addresses (and a "clone your PC mac address to the WAN 
interface"-functionality). I checked my then employer ADSL network and 5% 
of the customer ports had the same MAC address, D-Link support allegedly
said something about the MAC address not being "unique enough" and 
directed their customers to the cloning functionality to "solve" the 
problem.


--
Mikael Abrahamsson    email: swm...@swm.pp.se



Wikileaks, Friend or Foe?

2011-01-02 Thread Joseph Prasad
A very good interview with John Young on Russia Today.

http://www.youtube.com/watch?v=oMRUiB_8tTc

--- mentioned in the interview ---

http://cryptome.org/

http://en.wikipedia.org/wiki/Cypherpunks



The only power people exert over us, is the power we allow them to exert.

http://www.projectcensored.org/

http://www.thenewamerican.com/


Re: The tale of a single MAC

2011-01-02 Thread Dobbins, Roland

On Jan 3, 2011, at 10:31 AM, Lynda wrote:

> My guess is that you'll never find it on Google, since it happened around 
> 1993-4 or so.

I remember that there were several high-profile instances of duplicate MAC 
addresses being burnt into NICs during the 1990s - once every 2-3 years, IIRC.  
And those were just the ones that were discussed publicly.

Not to mention the old ARCNet NICs, which all came set to the same ARCNet 
address by default (one changed the address assignment via DIP switches on the 
cards themselves).

;>


Roland Dobbins  // 

Most software today is very much like an Egyptian pyramid, with millions
of bricks piled on top of each other, with no structural integrity, but
just done by brute force and thousands of slaves.

  -- Alan Kay




Re: The tale of a single MAC

2011-01-02 Thread Lynda

On 1/2/2011 6:00 PM, Marshall Eubanks wrote:

> On Jan 2, 2011, at 8:39 PM, Corey Quinn wrote:
>
>> On Jan 2, 2011, at 1:24 PM, Franck Martin wrote:
>>
>>> In the early 90's a friend of mine got a box of 10 HP cards with
>>> all the same MAC address.
>>
>> In my early days of network admining, a coworker told me a
>> (apocryphal) story of 3com shipping a batch of 80K cards with
>> identical MAC addresses, which they then had to recall.
>>
>> Unfortunately a cursory Google turns up nothing, so I suppose he
>> was either misinformed or pulling my leg.
>
> I have also heard such stories, again from the '90s. Can cause odd
> failure modes.


Google does NOT know all. I was there. I have had to deal with a 
building full of such wickedness. I administered DNS (in my copious 
spare time) for two subdomains, and managed the network in the building 
(a not inconsiderable /22, and also in my spare time), and started 
getting frantic calls from people who were getting knocked off the 
network because their machine had the same MAC address as another.


I had trouble believing it at first, but after dealing with five of them 
(all Gateways, and yes, all with the same MAC address), I directed the 
local sysadmins to disable the nic that came with them, and to replace
it with a spare. I understand that there were 30,000 of them, all with 
the same address. My guess is that you'll never find it on Google, since 
it happened around 1993-4 or so.


--
A picture is worth 10K words -- but only those to describe
the picture.  Hardly any sets of 10K words can be adequately
described with pictures.



Re: The tale of a single MAC

2011-01-02 Thread Marshall Eubanks
On Jan 2, 2011, at 8:39 PM, Corey Quinn wrote:

> 
> On Jan 2, 2011, at 1:24 PM, Franck Martin wrote:
> 
>> In the early 90's a friend of mine got a box of 10 HP cards with all the 
>> same MAC address.
> 
> In my early days of network admining, a coworker told me a (apocryphal) story 
> of 3com shipping a batch of 80K cards with identical MAC addresses, which 
> they then had to recall.
> 
> Unfortunately a cursory Google turns up nothing, so I suppose he was either 
> misinformed or pulling my leg.
> 

I have also heard such stories, again from the '90s. Can cause odd failure 
modes. 

Regards
Marshall


> -- Corey Quinn / KB1JWQ
> 
> 
> 




Re: The tale of a single MAC

2011-01-02 Thread Corey Quinn

On Jan 2, 2011, at 1:24 PM, Franck Martin wrote:

> In the early 90's a friend of mine got a box of 10 HP cards with all the same 
> MAC address.

In my early days of network admining, a coworker told me a (apocryphal) story 
of 3com shipping a batch of 80K cards with identical MAC addresses, which they 
then had to recall.

Unfortunately a cursory Google turns up nothing, so I suppose he was either 
misinformed or pulling my leg.

-- Corey Quinn / KB1JWQ




Re: The tale of a single MAC

2011-01-02 Thread Steven Bellovin

On Jan 2, 2011, at 5:15 54PM, Mark Smith wrote:

> Hi,
> 
> On Sun, 2 Jan 2011 08:50:42 -0500
> Steven Bellovin  wrote:
> 
>> 
>> On Jan 1, 2011, at 11:33 24PM, Mark Smith wrote:
>> 
>>> On Sat, 01 Jan 2011 20:59:16 -0700
>>> Brielle Bruns  wrote:
>>> 
>>>> On 1/1/11 8:33 PM, Graham Wooden wrote:
>>>>
>>>> Excellent example is, IIRC, the older sparc stuff, where the ethernet
>>>> cards didn't have MAC addresses as part of the card, but were stored in
>>>> non-volatile or battery backed memory.
>>> 
>>> This was actually the intended way to use "MAC" addresses, to be used as
>>> host addresses rather than as individual interface addresses, according
>>> to the following paper -
>>> 
>>> "48-bit Absolute Internet and Ethernet Host Numbers"
>>> Yogan K. Dalal and Robert S. Printis, July 1981
>>> http://ethernethistory.typepad.com/papers/HostNumbers.pdf
>> 
>> Yup.
>>> 
>>> That paper also discusses why 48 bits were chosen as the size, despite
>>> "Ethernet systems" being limited to 1024 hosts. 
>>> 
>>> I think things evolved into MAC per NIC because when add-in NICs
>>> were invented there wasn't any appropriate non-volatile storage on the
>>> host to store the address. 
>>> 
>> On really old Sun gear, the MAC address was stored on a separate ROM chip;
>> if the motherboard was replaced, you'd just move the ROM chip to the new board.
>> 
>> I'm not sure what you mean, though, when you say "when add-in NICs were
>> invented" -- the Ethernet cards I used in 1982 plugged into Unibus slots
>> on our VAXen, so that goes back quite a ways...
>> 
> 
> More that as add-in cards supplied their own "storage" for the MAC
> address, rather than expecting it from the host (e.g. something like
> MAC addresses set by init scripts at boot or the ROM chip you
> mentioned on Suns), this has now evolved into an expected model of a
> MAC address tightly bound to an Ethernet interface and supplied by the
> Ethernet interface e.g. by an add-in board if one is added. Now that
> this model has been around for a long time, people find it a bit strange
> when MAC addresses aren't as tightly bound to a NIC/Ethernet interface.
> This is all speculation on my part though, I'd be curious if the
> reasons are different.
> 
> When I first read that paper, it was really quite surprising that "MAC"
> addresses were designed to be more general host addresses/identifiers
> that were also to be used as Ethernet addresses. One example they talk
> about is using them as unique host identifiers when sharing files via
> floppy disk.
> 
If you read the XNS specs, you'll see that they liked 64-bit addresses --
a 16-bit network number and a 48-bit host address.  In other words, they
had id/locator separation...


--Steve Bellovin, http://www.cs.columbia.edu/~smb








Re: The tale of a single MAC

2011-01-02 Thread mikea
On Sat, Jan 01, 2011 at 09:33:46PM -0600, Graham Wooden wrote:
> Hi there,
> 
> I encountered an interesting issue today and I found it so bizarre - so I
> thought I would share it.
> 
> I brought online a spare server to help offload some of the recent VMs that
> I have been deploying.  Around the same time this new machine (we'll call it
> Server-B) came online, another machine which has been online for about a
> year now stopped responding to our monitoring (and we'll name this
> Server-A). I logged into the switch and saw that the machine that stopped
> responding was in the same VLAN as this newly deployed, and then quickly
> noticed that Server-A's MAC address was now on Server-B's switch port.
> "What the ..." was my initial response.
> 
> I went ahead and moved Server-B's to another VLAN, updated the switchport,
> cleared the ARP, and Server-A came back to life.  Happy new year to me.
> 
> So - here is the interesting part... Both servers are HP Proliant DL380 G4s,
> and both of their NIC1 and NIC2 MACs addresses are exactly the same.  Not
> spoofed and the OS drivers are not mucking with them ... They're burned-in -
> I triple checked them in their respective BIOS screen.  I acquired these two
> machines at different times and both were from the grey market.  The "What
> the ..." is sitting fresh in my mind ...  How can this be?
> 
> In the last 15 years of being in IT, I have never encountered a "burned-in"
> duplicated MACs across two physically different machines.  What are the
> odds, that HP would dup'd them and that both would eventually end up at my
> shop?  Or maybe this type of thing isn't big of deal... ?

We got a batch of NICS that had duplicate MACs in several pallets of
IBM desktops, about 15 years back. We noticed this only when two of the
machines were shipped to the same field office location.

I've heard other state agencies talk about the same sort of problem with
IBM and several other vendors. 

-- 
Mike Andrews, W5EGO
mi...@mikea.ath.cx
Tired old sysadmin 
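
The symptom in the quoted report (one MAC address showing up on a second switch port in the same VLAN) can be caught from MAC-learning events. This is an added example, not part of any post in this thread; the event format, addresses and port names are constructed, and the 60-second window and two-move threshold are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample: MAC-learning events as "epoch_seconds vlan mac port".
# Format, addresses (locally administered) and ports are made up for this example.
SAMPLE_EVENTS = """\
1000 10 02:00:00:aa:bb:01 Gi0/1
1002 10 0200.00aa.bb02 Gi0/2
1005 10 02-00-00-AA-BB-01 Gi0/7
1009 10 0200.00aa.bb01 Gi0/1
1012 10 02:00:00:aa:bb:01 Gi0/7
1020 20 02:00:00:aa:bb:02 Gi0/9
5000 10 02:00:00:aa:bb:03 Gi0/3
9000 10 02:00:00:aa:bb:03 Gi0/4
"""

def normalize_mac(text):
    """Return a MAC as 12 lowercase hex digits, whatever separator style was used."""
    digits = re.sub(r"[^0-9a-fA-F]", "", text).lower()
    if len(digits) != 12:
        raise ValueError(f"not a 48-bit MAC: {text!r}")
    return digits

def parse_events(text):
    """Yield (time, vlan, mac, port) tuples from the constructed log format."""
    for line in text.splitlines():
        if line.strip():
            ts, vlan, mac, port = line.split()
            yield int(ts), int(vlan), normalize_mac(mac), port

def find_duplicate_macs(events, window=60, min_moves=2):
    """Map (vlan, mac) -> ports for addresses that change port repeatedly.

    A single move looks like a relocated host; min_moves or more moves inside
    `window` seconds means two stations share the address in one VLAN.
    """
    last_port = {}
    moves = defaultdict(list)  # (vlan, mac) -> [(time, from_port, to_port)]
    for ts, vlan, mac, port in sorted(events):
        key = (vlan, mac)
        if key in last_port and last_port[key] != port:
            moves[key].append((ts, last_port[key], port))
        last_port[key] = port

    findings = {}
    for key, moved in moves.items():
        for i, first in enumerate(moved):
            burst = [m for m in moved[i:] if m[0] - first[0] <= window]
            if len(burst) >= min_moves:
                findings[key] = sorted({p for _, a, b in burst for p in (a, b)})
                break
    return findings

if __name__ == "__main__":
    for (vlan, mac), ports in find_duplicate_macs(parse_events(SAMPLE_EVENTS)).items():
        print(f"VLAN {vlan}: {mac} flapping between {', '.join(ports)}")
```

The same address seen in a different VLAN (the `...bb02` entry on VLAN 20) is not flagged, which matches the fix described in the report: moving one server to another VLAN ends the conflict.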



Re: The tale of a single MAC

2011-01-02 Thread Mark Smith
Hi,

On Sun, 2 Jan 2011 08:50:42 -0500
Steven Bellovin  wrote:

> 
> On Jan 1, 2011, at 11:33 24PM, Mark Smith wrote:
> 
> > On Sat, 01 Jan 2011 20:59:16 -0700
> > Brielle Bruns  wrote:
> > 
> >> On 1/1/11 8:33 PM, Graham Wooden wrote:



> >> 
> >> Excellent example is, IIRC, the older sparc stuff, where the ethernet 
> >> cards didn't have MAC addresses as part of the card, but were stored in 
> >> non-volatile or battery backed memory.
> > 
> > This was actually the intended way to use "MAC" addresses, to be used as
> > host addresses rather than as individual interface addresses, according
> > to the following paper -
> > 
> > "48-bit Absolute Internet and Ethernet Host Numbers"
> > Yogan K. Dalal and Robert S. Printis, July 1981
> > http://ethernethistory.typepad.com/papers/HostNumbers.pdf
> 
> Yup.
> > 
> > That paper also discusses why 48 bits were chosen as the size, despite
> > "Ethernet systems" being limited to 1024 hosts. 
> > 
> > I think things evolved into MAC per NIC because when add-in NICs
> > were invented there wasn't any appropriate non-volatile storage on the
> > host to store the address. 
> > 
> On really old Sun gear, the MAC address was stored on a separate ROM chip;
> if the motherboard was replaced, you'd just move the ROM chip to the new board.
> 
> I'm not sure what you mean, though, when you say "when add-in NICs were
> invented" -- the Ethernet cards I used in 1982 plugged into Unibus slots
> on our VAXen, so that goes back quite a ways...
> 

More that as add-in cards supplied their own "storage" for the MAC
address, rather than expecting it from the host (e.g. something like
MAC addresses set by init scripts at boot or the ROM chip you
mentioned on Suns), this has now evolved into an expected model of a
MAC address tightly bound to an Ethernet interface and supplied by the
Ethernet interface e.g. by an add-in board if one is added. Now that
this model has been around for a long time, people find it a bit strange
when MAC addresses aren't as tightly bound to a NIC/Ethernet interface.
This is all speculation on my part though, I'd be curious if the
reasons are different.

When I first read that paper, it was really quite surprising that "MAC"
addresses were designed to be more general host addresses/identifiers
that were also to be used as Ethernet addresses. One example they talk
about is using them as unique host identifiers when sharing files via
floppy disk.

Regards,
mark.



Re: The tale of a single MAC

2011-01-02 Thread Franck Martin
In the early 90's a friend of mine got a box of 10 HP cards with all the same 
MAC address.

- Original Message -
From: "Graham Wooden" 
To: nanog@nanog.org
Sent: Sunday, 2 January, 2011 4:33:46 PM
Subject: The tale of a single MAC

Hi there,

I encountered an interesting issue today and I found it so bizarre - so I
thought I would share it.

I brought online a spare server to help offload some of the recent VMs that
I have been deploying.  Around the same time this new machine (we'll call it
Server-B) came online, another machine which has been online for about a
year now stopped responding to our monitoring (and we'll name this
Server-A). I logged into the switch and saw that the machine that stopped
responding was in the same VLAN as this newly deployed, and then quickly
noticed that Server-A's MAC address was now on Server-B's switch port.
"What the ..." was my initial response.









Re: The tale of a single MAC

2011-01-02 Thread GP Wooden
Fresh install and the NICs are Broadcom b57 10/100/1000, I believe. 

- Reply message -
From: "Randy McAnally" 
Date: Sun, Jan 2, 2011 8:53 am
Subject: The tale of a single MAC
To: "Graham Wooden" , 

-- Original Message ---
From: Graham Wooden 

> Hi there,
> 
> I encountered an interesting issue today and I found it so bizarre -
> so I thought I would share it.
> 
> I brought online a spare server to help offload some of the recent
> VMs that I have been deploying.  Around the same time this new
> machine (we'll call it Server-B) came online, another machine which
> has been online for about a year now stopped responding to our
> monitoring (and we'll name this Server-A). I logged into the switch
> and saw that the machine that stopped responding was in the same
> VLAN as this newly deployed, and then quickly noticed that
> Server-A's MAC address was now on Server-B's switch port. "What the ..."
> was my initial response.
> 

Fresh OS install from scratch or did you load an image from an existing server?

What make/model of on-board NICs?

--
Randy M.


Re: The tale of a single MAC

2011-01-02 Thread Steven Bellovin
I should note -- this isn't that surprising.  The IPv6 stateless autoconfig
RFCs have always assumed that this could happen, which is why duplicate
address detection is mandatory.  



Re: The tale of a single MAC

2011-01-02 Thread Randy McAnally
-- Original Message ---
From: Graham Wooden 

> Hi there,
> 
> I encountered an interesting issue today and I found it so bizarre -
> so I thought I would share it.
> 
> I brought online a spare server to help offload some of the recent
> VMs that I have been deploying.  Around the same time this new
> machine (we'll call it Server-B) came online, another machine which
> has been online for about a year now stopped responding to our
> monitoring (and we'll name this Server-A). I logged into the switch
> and saw that the machine that stopped responding was in the same
> VLAN as this newly deployed, and then quickly noticed that
> Server-A's MAC address was now on Server-B's switch port. "What the ..."
> was my initial response.
> 

Fresh OS install from scratch or did you load an image from an existing server?

What make/model of on-board NICs?

--
Randy M.



Re: The tale of a single MAC

2011-01-02 Thread Eric Tow
About 11-12 years ago, we ghosted Compaq Prosignia 330? desktops with
Intel NICs.  When we ghosted them, some of the desktops ended up with
the same MAC addresses on the NICs.  It turned out that there were two
different models of Intel NICs in the desktops and ghosting the
desktop with the second type of NIC resulted in the MAC address from
the original Ghost computer put on that computer.  Updating the NIC
driver resolved the issue.

Eric



Re: The tale of a single MAC

2011-01-02 Thread Steven Bellovin

On Jan 1, 2011, at 11:33 24PM, Mark Smith wrote:

> On Sat, 01 Jan 2011 20:59:16 -0700
> Brielle Bruns  wrote:
> 
>> On 1/1/11 8:33 PM, Graham Wooden wrote:
>>> So - here is the interesting part... Both servers are HP Proliant DL380 G4s,
>>> and both of their NIC1 and NIC2 MACs addresses are exactly the same.  Not
>>> spoofed and the OS drivers are not mucking with them ... They're burned-in -
>>> I triple checked them in their respective BIOS screen.  I acquired these two
>>> machines at different times and both were from the grey market.  The "What
>>> the ..." is sitting fresh in my mind ...  How can this be?
>> 
>> 
>> From the same grey market supplier?
>> 
>> I know HP has a disc they put out which updates all the firmware/bios in 
>> a specific server model, it's not too far fetched that a vendor might
>> have a modified version that also either purposely or accidentally 
>> changes the MAC address.  Off the top of my head, I'm not sure where the 
>> MAC is stored - maybe an eeprom or a portion of the bios flash.  Or, it 
>> could be botched flashing that blew away the portion of memory where 
>> that was stored and the system defaulted to a built in value.
>> 
>> Excellent example is, IIRC, the older sparc stuff, where the ethernet 
>> cards didn't have MAC addresses as part of the card, but were stored in 
>> non-volatile or battery backed memory.
> 
> This was actually the intended way to use "MAC" addresses, to be used as
> host addresses rather than as individual interface addresses, according
> to the following paper -
> 
> "48-bit Absolute Internet and Ethernet Host Numbers"
> Yogan K. Dalal and Robert S. Printis, July 1981
> http://ethernethistory.typepad.com/papers/HostNumbers.pdf

Yup.
> 
> That paper also discusses why 48 bits were chosen as the size, despite
> "Ethernet systems" being limited to 1024 hosts. 
> 
> I think things evolved into MAC per NIC because when add-in NICs
> were invented there wasn't any appropriate non-volatile storage on the
> host to store the address. 
> 
On really old Sun gear, the MAC address was stored on a separate ROM chip;
if the motherboard was replaced, you'd just move the ROM chip to the new board.

I'm not sure what you mean, though, when you say "when add-in NICs were
invented" -- the Ethernet cards I used in 1982 plugged into Unibus slots
on our VAXen, so that goes back quite a ways...



--Steve Bellovin, http://www.cs.columbia.edu/~smb








Re: The tale of a single MAC

2011-01-02 Thread Graham Wooden
Hey Seth, thanks for the reply.

I don't use the iLO port, so I didn't look at its MAC within the BIOS,
however my issue isn't that the MACs are the same within a physical machine.

They're different, just like all the other HP gear ... It's that I have two
machines that the MACs are identical.  Like Server-A's NIC1 matches
Server-B's NIC1 ... And the same goes for NIC2.  Heck, maybe even their iLO
matches too.  I just re-read my post and I can see where maybe I didn't
explain it properly. Yesterday was a long day ...

I guess it's not that big of deal now, I resolved it rather quickly by
putting Server-B on another VLAN.


On 1/2/11 12:56 AM, "Seth Mattinen"  wrote:

> On 1/1/11 7:33 PM, Graham Wooden wrote:
>> 
>> So - here is the interesting part... Both servers are HP Proliant DL380 G4s,
>> and both of their NIC1 and NIC2 MACs addresses are exactly the same.  Not
>> spoofed and the OS drivers are not mucking with them ... They're burned-in -
>> I triple checked them in their respective BIOS screen.  I acquired these two
>> machines at different times and both were from the grey market.  The "What
>> the ..." is sitting fresh in my mind ...  How can this be?
>> 
>> In the last 15 years of being in IT, I have never encountered a "burned-in"
>> duplicated MACs across two physically different machines.  What are the
>> odds, that HP would dup'd them and that both would eventually end up at my
>> shop?  Or maybe this type of thing isn't big of deal... ?
>> 
> 
> 
> None of the HP servers I have contain duplicate MAC addresses. (I just
> looked through all the iLO2 cards to make sure I wasn't lying.) I'll
> send you some details offlist.
> 
> ~Seth
>