ip collision
swift
      12-06-2003, 08:50 AM
hi,

2 days ago I had quite a worrying situation in my network. There was a ping
response from the main router, but it wasn't accepting any connections and
wasn't forwarding any traffic. I managed to discover that someone had set
the router's IP on his/her machine, and in the whole network this IP address was
pointing to this user's NIC's MAC. Now everything is OK, but I want to ask
if anyone knows how to prevent such situations in the future?
That router is running Debian Linux.

sw.
 
Carl Farrington
      12-06-2003, 09:44 AM
swift wrote:
> hi,
>
> 2 days ago i had quite worrying situation in my network. There was
> ping response from main router but it wasn't accepting any
> connections and wasn't forwarding any traffic. I managed to discover
> that someone had set router's IP on his/her machine and in whole
> network this IP address was pointing on this user's nic's MAC. Now
> everything is ok, but i want to ask if anyone knows how to prevent
> such situations in future?
> That router is running debian linux.
>


I think really users shouldn't be configuring their own computers.


 
 
P.T. Breuer
      12-06-2003, 09:50 AM
swift <(E-Mail Removed)> wrote:
> 2 days ago i had quite worrying situation in my network. There was ping
> response from main router but it wasn't accepting any connections and
> wasn't forwarding any traffic. I managed to discover that someone had set
> router's IP on his/her machine and in whole network this IP address was
> pointing on this user's nic's MAC. Now everything is ok, but i want to ask
> if anyone knows how to prevent such situations in future?


Shoot the luser. Or install a faster router. The machine that replies
fastest to arp wins the race to get itself into other machines' tables.

> That router is running debian linux.


The problem is in the luser, not in the router. The router is working
fine. The solutions to this kind of problem are at the social level, or
at the low-level hardware level. You can make it impossible for any
IP but a specific IP to be passed out from any specific socket, by
installing configurable hubs/routers between their sockets and the
net.

Other than that all you can do is detect the situation, using arpwatch
or such. It'll warn you (and flood your network with mail, unless you
are careful).

Peter
 
 
Bill Unruh
      12-06-2003, 10:19 AM
swift <(E-Mail Removed)> writes:

]hi,

]2 days ago i had quite worrying situation in my network. There was ping
]response from main router but it wasn't accepting any connections and
]wasn't forwarding any traffic. I managed to discover that someone had set
]router's IP on his/her machine and in whole network this IP address was
]pointing on this user's nic's MAC. Now everything is ok, but i want to ask
]if anyone knows how to prevent such situations in future?
]That router is running debian linux.

Yes, make sure that no user ever sets up their own IP without clearing
it with the central administrator. I do not know what "my network" means
but if you do not have the authority, get whoever does have it to let
everyone know that using an IP without permission is a very very serious
matter.

Then if necessary set up a dhcp server, so that people who want to
casually connect to the net can do so legally.

 
 
Leon.
      12-07-2003, 09:38 AM

"swift" <(E-Mail Removed)> wrote in message
news:bqs8le$6ll$(E-Mail Removed)...
> hi,
>
> 2 days ago i had quite worrying situation in my network. There was ping
> response from main router but it wasn't accepting any connections and
> wasn't forwarding any traffic. I managed to discover that someone had set
> router's IP on his/her machine and in whole network this IP address was
> pointing on this user's nic's MAC. Now everything is ok, but i want to ask
> if anyone knows how to prevent such situations in future?


Subnet.

Put the users on a different subnet. Put a router between the subnets.


That way if they use a bad ip address, they can only hurt another user.



 
 
Leon.
      12-07-2003, 09:43 AM

"swift" <(E-Mail Removed)> wrote in message
news:bqs8le$6ll$(E-Mail Removed)...
> hi,
>
> 2 days ago i had quite worrying situation in my network. There was ping
> response from main router but it wasn't accepting any connections and
> wasn't forwarding any traffic. I managed to discover that someone had set
> router's IP on his/her machine and in whole network this IP address was
> pointing on this user's nic's MAC. Now everything is ok, but i want to ask
> if anyone knows how to prevent such situations in future?
> That router is running debian linux.


Ah, subnet if you want to protect servers, e.g. so internet servers aren't
interrupted by local users.

But if one local user sets this machine to have the router's IP address, all
the users' network is cut off.

The only way would be to lock the IP-to-Ethernet map for the router into
the users' computers' ARP tables.

One dodgy way to do this is to have another machine broadcast an ARP
response often enough.
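
Added example (not part of the thread): a POSIX shell check for a client machine, covering both the detection P.T. Breuer mentions and the locked router entry Leon describes. It reads `ip -4 neigh show` output and reports whether the router's IP maps to the expected MAC and whether that entry is static; the router IP, MAC addresses and interface name are constructed values.

```sh
#!/bin/sh
# Added example, not from the thread. Router IP/MAC below are constructed.

# check_router_neigh IP EXPECTED_MAC  (neighbour table lines on stdin)
# Prints one verdict and sets the exit status:
#   ok-pinned    (0)  entry matches and is PERMANENT (static)
#   ok-dynamic   (0)  entry matches but was learned from ARP replies
#   conflict MAC (2)  the IP currently maps to a different MAC
#   missing      (3)  no resolved entry for the IP
check_router_neigh() {
    awk -v ip="$1" -v want="$(printf '%s' "$2" | tr 'A-F' 'a-f')" '
        $1 == ip {
            mac = ""
            for (i = 2; i < NF; i++)
                if ($i == "lladdr") mac = tolower($(i + 1))
            if (mac == "") next            # FAILED/INCOMPLETE: no MAC yet
            seen = 1
            if (mac != want) bad = mac
            else if ($NF == "PERMANENT") pinned = 1
        }
        END {
            if (bad != "") { print "conflict " bad; exit 2 }
            if (!seen)     { print "missing"; exit 3 }
            print (pinned ? "ok-pinned" : "ok-dynamic")
        }'
}

# Constructed sample in the format printed by `ip -4 neigh show`:
# another host has answered ARP for the router address.
SAMPLE='192.168.1.20 dev eth0 lladdr 00:aa:bb:cc:dd:20 REACHABLE
192.168.1.1 dev eth0 lladdr 00:aa:bb:cc:dd:99 STALE'

printf '%s\n' "$SAMPLE" |
    check_router_neigh 192.168.1.1 00:11:22:33:44:55 ||
    echo "router entry needs attention (status $?)"

# Live use on a client (the replace needs root):
#   ip -4 neigh show | check_router_neigh 192.168.1.1 00:11:22:33:44:55
#   ip neigh replace 192.168.1.1 lladdr 00:11:22:33:44:55 nud permanent dev eth0
```

A permanent entry is not overwritten by ARP replies, so it has to be set on every client and updated by hand if the router's network card is ever replaced.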



 
 
Jeroen Geilman
      12-07-2003, 08:44 PM
swift <(E-Mail Removed)> randomly warbled in
comp.os.linux.networking:

> hi,
>
> 2 days ago i had quite worrying situation in my network. There was
> ping response from main router but it wasn't accepting any connections
> and wasn't forwarding any traffic. I managed to discover that someone
> had set router's IP on his/her machine and in whole network this IP
> address was pointing on this user's nic's MAC. Now everything is ok,
> but i want to ask if anyone knows how to prevent such situations in
> future?


On any OS of note (both Windoze and Linux), only administrators can
change the networking configuration.
If there are users on your network who have this authority - why?
Make sure they either do not have the authority or they do have the
responsibility to do it right!

At the lowest HW level this is your responsibility.

--
Jeroen Geilman

All your bits are belong to us.

 