-
August 15th, 2011, 03:22 AM
#1
Possible IP Addressing issues?
As I admin a network for a small company, a bunch of "what ifs" always enter my mind.
What if a user brought into work a laptop with a static IP set on it (say, 192.168.1.5, which is already in use) and unplugged their workstation from their cube's ethernet wall jack and plugged in this laptop?
This would make a duplicate IP address issue.
What side effects would occur? I assume workstations on that segment could lose connection to the "real" 192.168.1.5 host because of bad association.
-
August 15th, 2011, 04:39 AM
#2
It would depend on if 192.168.1.5 was set as a DHCP Reservation or not.....if the original Host had the same IP, the newly introduced system would most likely get an IP Address Conflict error.....of course there are cases where it would not.....depending on proper Network configuration, etc.
"It is a shame that stupidity is not painful" - Anton LaVey
-
August 15th, 2011, 04:49 AM
#3
The IP address might be in use, the MAC address wouldn't. In most corporate environments, Port Security is enabled, meaning that port would immediately shut down upon seeing the wrong MAC address.
Even if there were a duplicate IP on the network, it's a minor inconvenience at most, provided that it's not a domain controller or something.
You (the admin) notice a duplicate IP. You telnet/SSH/serial to the switch to see what's up. You find the two ports, one of which has the wrong MAC. Shut down the port and whoop the guy's ass.
Real security doesn't come with an installer.
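The check described in post #3 (find the ports claiming the same IP and pick out the one with the wrong MAC) can be scripted. This is an added example, not part of the thread; the port names, MAC addresses and the inventory of expected MACs are constructed sample data, and `normalize_mac` and `find_conflicts` are hypothetical helper names.

```python
from collections import defaultdict

# Constructed sample data: (switch port, MAC, IP) rows, as an admin might
# collect by joining a switch's MAC address table with ARP observations.
OBSERVATIONS = [
    ("Gi0/1", "0011.2233.4405", "192.168.1.5"),       # Cisco-style notation
    ("Gi0/7", "00:11:22:33:44:10", "192.168.1.10"),
    ("Gi0/12", "A4-5E-60-AA-BB-CC", "192.168.1.5"),   # laptop with a static IP
    ("Gi0/9", "00:11:22:33:44:20", "192.168.1.20"),
]

# Constructed inventory: the MAC each address is expected to belong to
# (for example, exported from DHCP reservations).
EXPECTED = {
    "192.168.1.5": "00:11:22:33:44:05",
    "192.168.1.10": "00:11:22:33:44:10",
    "192.168.1.20": "00:11:22:33:44:20",
}

def normalize_mac(mac):
    """Reduce dotted, dashed and colon MAC notations to aa:bb:cc:dd:ee:ff."""
    digits = "".join(c for c in mac.lower() if c in "0123456789abcdef")
    if len(digits) != 12:
        raise ValueError(f"not a MAC address: {mac!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))

def find_conflicts(observations, expected):
    """Map each IP claimed by more than one MAC to its legit and rogue ports."""
    claims = defaultdict(dict)  # ip -> {normalized mac: port}
    for port, mac, ip in observations:
        claims[ip][normalize_mac(mac)] = port
    conflicts = {}
    for ip, macs in claims.items():
        if len(macs) < 2:
            continue  # only one device claims this address
        known = normalize_mac(expected[ip]) if ip in expected else None
        conflicts[ip] = {
            "legit": [p for m, p in macs.items() if m == known],
            "rogue": sorted((p, m) for m, p in macs.items() if m != known),
        }
    return conflicts

if __name__ == "__main__":
    for ip, result in find_conflicts(OBSERVATIONS, EXPECTED).items():
        print(ip, "expected on", result["legit"], "unexpected:", result["rogue"])
```

An address with no inventory entry reports every claimant as unexpected, since there is no known-good MAC to compare against.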
-
August 16th, 2011, 12:25 AM
#4
Originally Posted by D0pp139an93r
You (the admin) notice a duplicate IP. You telnet/SSH/serial to the switch to see what's up. You find the two ports, one of which has the wrong MAC. Shut down the port and whoop the guy's ass.
but nowadays there is a run towards BYOD [Bring Your Own Device] and this issue is going to cause some headaches
gonna have to dig out the LART
so now I'm in my SIXTIES FFS
WTAF, how did that happen, so no more alterations to the sig, it will remain as is now
Beware of Geeks bearing GIF's
come and waste the day :P at The Taz Zone
-
August 16th, 2011, 07:46 AM
#5
Originally Posted by Playerpawn
What side effects would occur? I assume workstations on that segment could lose connection to the "real" 192.168.1.5 host because of bad association.
The 'new' machine with the IP address won't be able to communicate. The 'old' machine will keep on functioning without any issues but you will get lots of error messages about "duplicate IPs".
Oliver's Law:
Experience is something you don't get until just after you need it.
-
August 17th, 2011, 06:28 PM
#6
Originally Posted by foxyloxley
but nowadays there is a run towards BYOD [Bring Your Own Device] and this issue is going to cause some headaches
gonna have to dig out the LART
To follow this comment. Walked into the office the other day and there are some "students" doing calls for us with their own laptops.
Cut a long story short, I got asked to look at one as she couldn't receive emails or couldn't browse and good old utorrent was seeding without a problem.
IMO management should RTFM or lose their business, idiots.
./rant.
The world is a dangerous place to live; not because of the people who are evil, but because of the people who don't do anything about it.
Albert Einstein
-
August 17th, 2011, 09:23 PM
#7
at present I am working 2nd 3rd line support NHS UK
and the senior ones / medical and penpushers
ALL want a fondle pad
no NEED for them
they just want them
but Apple and NHS UK setup, isn't too compatico
probably down to lazy Sys.Admin
and the initial setup, that hasn't really changed since day 1
but to make long story short ...........
the fondlepads are now in use
and still no real work for them
but to get them there, the system has been err........ altered
it all sux big time
but the professors et al can't do without em
so it happens
not just 'students' and BYOD at fault
sometimes the Apple ads are just SOOOOOOOOOO good
-
September 9th, 2011, 09:43 AM
#8
An old thread, I know, but there is one point I think is worth considering: if the box connected is configured as either a DNS server or DHCP server and just so happens to have the same address. That can then cause problems.
I have already had the experience where some very intelligent engineers set up an "isolated lab" with a full PDC, DHCP, WINS Windows domain infrastructure. They used the private address range as normal and copied the exact addresses used on the production network. No problem till one of these very smart people needed to download some patches from the net so he plugged his lab into the production network. You can imagine the mess.
"America is the only country that went from barbarism to decadence without civilization in between."
"The reason we are so pleased to find other people's secrets is that it distracts public attention from our own."
Oscar Wilde(1854-1900)
-
September 13th, 2011, 07:57 AM
#9
I didn't think many large corporations used 192.166.*.* addressing. Or small ones. If I were you I'd change it to a 10.*.*.* address and subnet it down from there. 10.{1-254}.*.* would give you quite a few addresses and make sure that the new computers wouldn't be using a possible IP. And then the user will have to make sure that they have DHCP turned on. Though I think if I were you, I'd make it so computers on the domain keep the address, and a computer that isn't on the domain, in a separate restricted OU that doesn't give them much on network rights. I can ask a NetAdmin or SysAdmin here what they would do but I have a feeling that the situation here is a lot different than yours.
-
September 13th, 2011, 01:39 PM
#10
A large network requires multiple DHCP servers; one for each subnet. Rogue devices are always an issue, especially if wireless is also part of the network. As for private addressing I have always recommended using the 10.0.0.0/8 network. I use it at home with a class B mask (10.0.0.0/16).
Many large networks use reservations extensively. Devices without a reservation are assigned to a separate scope that is filtered by bridges and/or routers. Most network designs depend greatly on a specified level of security.
I recall an incident at a client company producing leading edge satellite technology. An engineer set up a rogue device to smuggle designs. Because of the identifiable IP address that was assigned from an alternate scope, all of his outgoing material was audited and modified before being sent. It was a company operated "man in the middle" operation that prevented designs from being compromised and enabled law enforcement to arrest the people on the remote end. This was a unique situation, but it highlights the fact that a little network design planning can greatly enhance security.