Possible IP Addressing issues?
Results 1 to 10 of 10

Thread: Possible IP Addressing issues?

  1. #1
    Junior Member
    Join Date
    Aug 2011
    Posts
    1

    Possible IP Addressing issues?

    As I admin a network for a small company, a bunch of "what ifs" always enter my mind.

    What if a user brought into work a laptop with a static IP set on it (say, 192.168.1.5, which is already in use) and unplugged their workstation from their cube's ethernet wall jack and plugged in this laptop.

    This would make a duplicate IP address issue.

    What side effects would occur? I assume workstations on that segment could lose connection to the "real" 192.168.1.5 host because of bad association.

  2. #2
    Senior Member Wazz's Avatar
    Join Date
    Apr 2003
    Posts
    288
    It would depend on if 192.168.1.5 was set as a DHCP Reservation or not.....if the original Host had the same IP, the newly introduced system would most likely get an IP Address Conflict error.....of course there are cases where it would not.....depending on proper Network configuration, etc.
    "It is a shame that stupidity is not painful" - Anton LaVey

  3. #3
    @ΜĮЙǐЅŦГǻţΩЯ D0pp139an93r's Avatar
    Join Date
    May 2003
    Location
    St. Petersburg, FL
    Posts
    1,689
    The IP address might be in use, the MAC address wouldn't. In most corporate environments, Port Security is enabled, meaning that port would immediately shut down upon seeing the wrong MAC address.

    Even if there were a duplicate IP on the network, it's a minor inconvenience at most, provided that it's not a domain controller or something.

    You (the admin) notice a dupicate IP. You telnet/SSH/serial to the switch to see what's up. You find the two ports, one of which has the wrong MAC. Shut down the port and whoop the guy's ass.
    Real security doesn't come with an installer.

  4. #4
    They call me the Hunted foxyloxley's Avatar
    Join Date
    Nov 2003
    Location
    3rd Rock from Sun
    Posts
    2,523
    Quote Originally Posted by D0pp139an93r View Post
    You (the admin) notice a dupicate IP. You telnet/SSH/serial to the switch to see what's up. You find the two ports, one of which has the wrong MAC. Shut down the port and whoop the guy's ass.
    but nowadays there is a run towards BYOD [Bring Your Own Device] and this issue is going to cause some headaches

    gonna have to dig out the LART
    55 - I'm fiftyfeckinfive and STILL no wiser,
    OLDER yes
    Beware of Geeks bearing GIF's
    come and waste the day :P at The Taz Zone

  5. #5
    Just Another Geek
    Join Date
    Jul 2002
    Location
    Rotterdam, Netherlands
    Posts
    3,403
    Quote Originally Posted by Playerpawn View Post
    What side effects would occur? I assume workstations on that segment could lose connection to the "real" 192.168.1.5 host because of bad association.
    The 'new' machine with the IP address won't be able to communicate. The 'old' machine will keep on functioning without any issues but you will get lots of error messages about "duplicate IPs".
    Oliver's Law:
    Experience is something you don't get until just after you need it.

  6. #6
    Only african to own a PC! Cider's Avatar
    Join Date
    Jun 2003
    Location
    Israel
    Posts
    1,683
    Quote Originally Posted by foxyloxley View Post
    but nowadays there is a run towards BYOD [Bring Your Own Device] and this issue is going to cause some headaches

    gonna have to dig out the LART
    To follow this comment. Walked into the office the other day and there are some "students" doing calls for us with their own laptops.

    Cut a long story short, I got asked to look at one as she couldnt recieve emails or couldnt browse and good old utorrent was seeding without a problem.

    IMO management should RTFM or lose thei business, idiots.

    ./rant.
    The world is a dangerous place to live; not because of the people who are evil, but because of the people who don't do anything about it.
    Albert Einstein

  7. #7
    They call me the Hunted foxyloxley's Avatar
    Join Date
    Nov 2003
    Location
    3rd Rock from Sun
    Posts
    2,523
    at present I am working 2nd 3rd line support NHS UK
    and the senior ones / medical and penpushers
    ALL want a fondle pad
    no NEED for them
    they just want them
    but Apple and NHS UK setup, isnt too compatico

    probably down to lazy Sys.Admin
    and the initial setup, that hasn't really changed since day 1
    but to make long story short ...........

    the fondlepads are now in use
    and still no real work for them
    but to get them there, the system has been err........ altered
    it all sux big time
    but the professors et al cant do without em
    so it happens
    not just 'students' and BYOD at fault
    sometimes the Apple ads are just SOOOOOOOOOO good
    55 - I'm fiftyfeckinfive and STILL no wiser,
    OLDER yes
    Beware of Geeks bearing GIF's
    come and waste the day :P at The Taz Zone

  8. #8
    AO Guinness Monster MURACU's Avatar
    Join Date
    Jan 2004
    Location
    paris
    Posts
    1,002
    An old thread i know but there is one point I think that is worth considering is if the box connected is configured as either a dNS server or DHCP server and just so happens to have the same address. That can then cause problems.
    I have already had the experiance where some very intelligent engineers set up an "isolated lab" with a full PDC,DHCP ,WINS windows domain infrastructure. They used the private address range as normal and copied the exact addresses used on the production network. No problem till one of these very smart people needed to down load some patches from the net so he plugged his lab into the production network. You can imagine the mess.
    \"America is the only country that went from barbarism to decadence without civilization in between.\"
    \"The reason we are so pleased to find other people\'s secrets is that it distracts public attention from our own.\"
    Oscar Wilde(1854-1900)

  9. #9
    Junior Member
    Join Date
    Sep 2011
    Location
    Riding the NOP-Sled
    Posts
    14
    I didn't think many large corporations used 192.166.*.* addressing. Or small ones. If I were you i'd change it to a 10.*.*.* address and subnet it down from there. 10.{1-254}.*.* would give you quite a few addresses and make sure that the new computers wouldn't be using a possible IP. And then the user will have to make sure that they have DHCP turned on. Though I think if i were you, id make it so computers on the domain keep the address, and a computer that isn't on the domain, in a separate restricted OU that doesn't give them much on network rights. I can ask an NetAdmin or SysAdmin here what they would do but i have a feeling that the situation here is a lot different then yours.

  10. #10
    Senior Member
    Join Date
    Mar 2008
    Posts
    262
    A large network requires multiple DHCP servers; one for each subnet. Rogue devices are always an issue, especially if wireless is also part of the network. As for private addressing I have always recommended using the 10.0.0.0/8 network. I use it at home with a class B mask (10.0.0.0/16).

    Many large networks use reservations extensively. Devices without a reservation are assigned to a separate scope that is filtered by bridges and/or routers. Most network designs depend greatly on a specified level of security.

    I recall an incident at a client company producing leading edge satellite technology. An engineer set up a rogue device to smuggle designs. Because of the identifiable IP address that was assigned from an alternate scope, all of his outgoing material was audited and modified before being sent. It was a company operated "man in the middle" operation that prevented designs from being compromised and enabled law enforcement to arrest the people on the remote end. This was a unique situation, but it highlights the fact that a little network design planning can greatly enhance security.

Similar Threads

  1. What kind of issues can I expect from new Job? :)
    By kyrios in forum General Computer Discussions
    Replies: 2
    Last Post: September 22nd, 2006, 12:49 PM
  2. Symantec Client Firewall Remote Access and Denial of Service Issues
    By SDK in forum Miscellaneous Security Discussions
    Replies: 0
    Last Post: May 13th, 2004, 02:08 PM
  3. ISP Issues From Nachi / MSBlaster.D?
    By tonybradley in forum Miscellaneous Security Discussions
    Replies: 6
    Last Post: August 19th, 2003, 08:21 PM
  4. Windows 2000 SP4 Issues
    By avdven in forum Microsoft Security Discussions
    Replies: 0
    Last Post: July 10th, 2003, 06:21 PM
  5. Current Issues
    By Palemoon in forum AntiOnline's General Chit Chat
    Replies: 5
    Last Post: September 8th, 2002, 08:56 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

 Security News

     Patches

       Security Trends

         How-To

           Buying Guides