Posted by stephen on November 12, 2006, 3:26 pm
> On 11 Nov 2006, in the Usenet newsgroup comp.dcom.lans.ethernet, in article
> smyers@tuscanylasvegas.com wrote:
>
> >I have a problem in my conventions areas. We sometimes get people who
> >hook up to the local network in our convention areas and some people
> >like to cause some problems...
>
> So what else is new? Wired or wireless?
>
> >Last week, we hosted a convention of programmers at our hotel and I had
> >a problem with someone setting their IP to match my default gateway and
> >DHCP server. This is becoming an issue and to the best of my
> >knowledge there would be no way to stop anyone from doing this.
>
> Correct. Look at it this way - if they've used the same IP address as the
> gateway, they're not able to reach off the LAN either, as most operating
> systems recognize their "own" address, and any packets destined to that
> address will be sent to the loopback - going nowhere.
>
> Were they st00pid enough to not spoof the MAC (hardware) address as well?
>
> >I would assume this individual got the network info when they got their
> >IP address from my DHCP server.
>
> Sounds reasonable
>
> >Is there a good way to hide my default gateway that anyone knows of?
>
> No. Apparently you don't understand IP networking, and how routing works.
> The IP packet header has the "source" and "destination" IP addresses as the
> first eight bytes. Packets that are destined for some off-network address
> like 'groups.google.com' still have that IP address as the destination, but
> are sent to the MAC address of the local gateway. The sending computer looks
> at the routing table, and might see that (example) the local network is
> 192.168.2.0/24, and the loopback is 127.0.0.0/8. Well, groups.google.com
> (216.239.57.x) isn't one of those addresses, so the sending computer looks
> for the gateway - ARPs to determine the MAC address, then sends the packet
> with the destination address of 216.239.57.x to the MAC address of the
> gateway. Now, you've decided to "hide" the gateway. OK - how is the
> customer's computer supposed to figure out who to send the packet to for
> onward relay? Is it supposed to guess?
>
> >If there is an appliance that can force strict IP compliance, where do I
> >get it? Though I don't, to my knowledge, think there is any such appliance.
>
> If this is a _wired_ network, you can set your switch so that it knows on
> which port a given IP address is located, and can warn you of spoofing.
AFAIR some switches can recognise the issue and "kill" the port where the
bogus address appears - last time I stumbled across this it was to do with a
Cisco Cat 6509 (which is a high end expensive bit of hardware).
Wireless is the flip side to this - there are probably some features
intended for "hot spot" use that will help, since a hot spot can get hit
with the same set of issues.
Not done this - only seen the slide set :)....
With some APs you can set them so there is no client to client traffic
allowed - so one client cannot poison IP addresses for another. The second bit is
to stop a user taking a different address to that assigned via DHCP - try
this:
http://www.cisco.com/en/US/products/sw/iosswrel/ps5207/products_feature_guide09186a00801d2df4.html
> the 'first spot' program allows, you can have it make note of username and
> MAC addresses, but MAC addresses are trivial to spoof/alter. All you can
> do is improve the odds somewhat.
>
> Old guy
--
Regards
stephen_hope@xyzworld.com - replace xyz with ntl
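The two mechanisms discussed above (a switch that knows which port an IP address belongs to and warns of or kills a spoofing port, and stopping a user from taking an address other than the one DHCP assigned) both rest on one data structure: a binding table of IP, MAC and switch port learned from DHCP, which every later ARP packet is checked against. The following is an added example written for this page, not code from the thread or from Cisco; it models that table in software. The gateway and DHCP-server addresses, the port names, the lease log format and the ARP observations are all constructed for the example.

```python
"""Software model of a DHCP-snooping binding table plus ARP checking.

Added example, not from the Usenet thread. It builds the table a switch with
DHCP snooping keeps (IP -> MAC -> port) from constructed lease records, then
checks constructed ARP observations against it, the way an IP source guard
or ARP inspection feature does. Every address, port and log format is made up.
"""
from dataclasses import dataclass
from typing import Dict, Iterable, List, Set, Tuple

# Assumed infrastructure addresses for the example (not from the thread).
GATEWAY_IP = "192.168.2.1"
DHCP_SERVER_IP = "192.168.2.2"
PROTECTED_IPS = {GATEWAY_IP, DHCP_SERVER_IP}


@dataclass(frozen=True)
class Binding:
    mac: str   # lowercase, colon-separated MAC address
    port: str  # switch port the binding was learned on or configured for


# Static bindings an operator configures for infrastructure hosts; these never
# come from a lease. Constructed values.
STATIC_BINDINGS: Dict[str, Binding] = {
    GATEWAY_IP: Binding("00:11:22:33:44:01", "Gi1/0/48"),
    DHCP_SERVER_IP: Binding("00:11:22:33:44:02", "Gi1/0/47"),
}

# Constructed lease records in a hypothetical "lease <ip> <mac> <port>" format,
# standing in for what DHCP snooping learns from DHCPACKs on untrusted ports.
SAMPLE_LEASES = [
    "lease 192.168.2.57 00:0C:29:AA:BB:01 Gi1/0/5",
    "lease 192.168.2.58 00:0c:29:aa:bb:02 Gi1/0/7",
    "lease 192.168.2.59 00:0c:29:aa:bb:03 Gi1/0/9",
]

# Constructed ARP observations as (ingress port, sender MAC, sender IP).
SAMPLE_ARPS: List[Tuple[str, str, str]] = [
    ("Gi1/0/5",  "00:0c:29:aa:bb:01", "192.168.2.57"),   # legitimate lease
    ("Gi1/0/48", "00:11:22:33:44:01", "192.168.2.1"),    # the real gateway
    ("Gi1/0/7",  "00:0c:29:aa:bb:02", "192.168.2.1"),    # host on .58 claims the gateway IP
    ("Gi1/0/7",  "00:11:22:33:44:01", "192.168.2.1"),    # same host, now cloning the gateway MAC too
    ("Gi1/0/9",  "00:0c:29:aa:bb:03", "192.168.2.200"),  # static IP nobody leased
    ("Gi1/0/6",  "00:0c:29:aa:bb:05", "192.168.2.57"),   # unknown host squatting on .57
]


def build_bindings(lease_lines: Iterable[str]) -> Dict[str, Binding]:
    """Merge the static bindings with leases parsed from the constructed log format."""
    table = dict(STATIC_BINDINGS)
    for line in lease_lines:
        fields = line.split()
        if len(fields) != 4 or fields[0] != "lease":
            continue  # ignore anything that is not a lease record
        _, ip, mac, port = fields
        if ip in STATIC_BINDINGS:
            continue  # a lease may never override an infrastructure address
        table[ip] = Binding(mac.lower(), port)
    return table


def classify(bindings: Dict[str, Binding], port: str, mac: str, ip: str) -> str:
    """Verdict for one ARP sender: ok, no-binding, mac-mismatch or port-mismatch."""
    b = bindings.get(ip)
    if b is None:
        return "no-binding"     # address was never leased or configured
    if b.mac != mac.lower():
        return "mac-mismatch"   # IP claimed with a MAC other than its binding
    if b.port != port:
        return "port-mismatch"  # IP and MAC both cloned; only the port gives it away
    return "ok"


def audit(bindings: Dict[str, Binding],
          observations: Iterable[Tuple[str, str, str]]) -> List[Tuple[str, str, str, str]]:
    """Return every observation that does not match the binding table."""
    alerts = []
    for port, mac, ip in observations:
        verdict = classify(bindings, port, mac, ip)
        if verdict != "ok":
            alerts.append((port, mac, ip, verdict))
    return alerts


def ports_to_disable(alerts: Iterable[Tuple[str, str, str, str]]) -> Set[str]:
    """Ports that claimed an infrastructure address: the candidates to shut."""
    return {port for port, _, ip, _ in alerts if ip in PROTECTED_IPS}


if __name__ == "__main__":
    table = build_bindings(SAMPLE_LEASES)
    alerts = audit(table, SAMPLE_ARPS)
    for alert in alerts:
        print("ALERT port=%s mac=%s ip=%s reason=%s" % alert)
    print("shut:", sorted(ports_to_disable(alerts)))
```

The fourth observation is the case the thread worries about: a guest who clones both the gateway's IP and its MAC. A MAC-based check alone passes it; only the switch port, which the attacker cannot forge, distinguishes it from the real gateway, which is why the check has to live on the switch (or on a wireless controller that knows the association) rather than on a host listening to ARP.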