Date: Wed, 12 Jan 2000 12:31:38 +1100
From: Mark Summerfield <m.summerfield@ee.mu.oz.au>
To: Frank Bonnet <bonnetf@bart.esiee.fr>
Cc: freebsd-net@FreeBSD.ORG
Subject: Re: IP address abuse ...
Message-ID: <4.2.0.58.20000112121617.00ae0380@mullian.ee.mu.oz.au>
In-Reply-To: <387B7E6B.2B5433B@softweyr.com>
References: <200001111057.LAA17219@bart.esiee.fr>
At 12:03 11/01/00 -0700, Wes Peters wrote:

>Frank Bonnet wrote:
> >
> > Our primary DNS runs FreeBSD and we are facing
> > a boring problem: some stupid student has
> > put the same IP address as the DNS on a Linux (Mandrake)
> > machine, then our FreeBSD said "someone has taken my IP address"
> > and stopped serving our LAN ...
> >
> > Is it possible with FreeBSD to avoid such trouble?
> > ( arpwatch is running on this machine )
>
>You do have sledgehammers in .fr, don't you? Take one and bash his machine
>into several thousand small pieces, then explain to him that stealing IP
>addresses is a TRES bad thing to do.

This does seem to be the best solution -- and has widespread support ;-)
There is probably not an effective or worthwhile technical solution anyway.

My reading of Frank's question is that he has interpreted the refusal of the
FreeBSD box to continue serving as the result of some intentional code which
(perhaps) disables the corresponding network interface when it discovers that
some other machine has "taken over" its address. If so, it is reasonable to
conclude that this behaviour could perhaps be turned off.

However, unless something's changed since I last looked at in_arpinput(),
this is not what happens. In fact, the only action the FreeBSD box should
take (aside from reporting the fact that someone else is using its IP
address) when it sees an ARP request with its own source address is to reply
to that request. Such a request should ALWAYS be the first communication you
see from the rogue Linux box, because it should issue a gratuitous ARP when
the interface is brought up. Otherwise, the FreeBSD box should continue to do
its best to carry on functioning normally. So your loss of DNS services is
more likely due to the confusion being experienced by all the other machines
on the network, and not due to any actions taken by the FreeBSD box which
could be modified.

Your only solution would be to take some action on every OTHER machine in
your network -- for example, hardwire routing entries and/or ARP cache
entries on all your other hosts -- which, frankly, is a network management
disaster waiting to happen.

So stick with the sledgehammer. I don't think there is one in the ports
collection, but you should be able to get one from a local hardware store!

Mark

----
Dr. Mark Summerfield
Australian Photonics Cooperative Research Centre
Photonics Research Laboratory
Dept. of Electrical and Electronic Engineering
The University of Melbourne
Parkville, 3052 AUSTRALIA
Phone: +61 3 9344 7419
Fax: +61 3 9344 6678
Email: m.summerfield@ieee.org
WWW: http://www.ee.mu.oz.au/staff/summer/index.htm
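The ARP-input behaviour Mark describes (report the duplicate, still answer the request, never take the interface down), written out as a stand-alone detection check over constructed frames. This is added example code, not FreeBSD's in_arpinput() and not from the thread; the helper names (build_arp, parse_arp, check_conflict), the 192.0.2.x addresses and the MAC addresses are assumptions constructed for the demonstration.

```python
import socket
import struct
from typing import Optional, Tuple

ETH_P_ARP = 0x0806
ARP_REQUEST, ARP_REPLY = 1, 2

def mac(s: str) -> bytes:
    """'00:11:22:33:44:55' -> 6 raw bytes."""
    return bytes.fromhex(s.replace(":", ""))

def build_arp(op: int, sha: bytes, spa: str, tha: bytes, tpa: str) -> bytes:
    """Construct an Ethernet II + ARP (IPv4 over Ethernet) frame for testing."""
    dst = b"\xff" * 6 if op == ARP_REQUEST else tha
    eth = dst + sha + struct.pack("!H", ETH_P_ARP)
    arp = struct.pack("!HHBBH", 1, 0x0800, 6, 4, op)
    arp += sha + socket.inet_aton(spa) + tha + socket.inet_aton(tpa)
    return eth + arp

def parse_arp(frame: bytes) -> Optional[dict]:
    """Return the ARP fields of an Ethernet/IPv4 ARP frame, else None."""
    if len(frame) < 42 or struct.unpack("!H", frame[12:14])[0] != ETH_P_ARP:
        return None
    htype, ptype, hlen, plen, op = struct.unpack("!HHBBH", frame[14:22])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return None
    body = frame[22:42]
    return {"op": op, "sha": body[0:6], "spa": socket.inet_ntoa(body[6:10]),
            "tha": body[10:16], "tpa": socket.inet_ntoa(body[16:20])}

def check_conflict(frame: bytes, my_mac: bytes, my_ip: str) -> Optional[Tuple[str, bool]]:
    """Duplicate-address check in the spirit of the ARP input path Mark
    describes (a re-implementation, not FreeBSD's in_arpinput()): a packet
    whose sender IP is ours but whose sender MAC is not means another host
    has taken our address.  Returns (offending_mac, answered); `answered` is
    True for a request, which the host still answers with its own MAC.  The
    interface is never taken down; the event is only reported."""
    arp = parse_arp(frame)
    if arp is None or arp["spa"] != my_ip or arp["sha"] == my_mac:
        return None
    return arp["sha"].hex(":"), arp["op"] == ARP_REQUEST

# Constructed sample: our DNS box at 192.0.2.53 and a rogue host bringing up
# the same address; its gratuitous ARP request has sender IP == target IP.
DNS_MAC, ROGUE_MAC = mac("00:11:22:33:44:55"), mac("66:77:88:99:aa:bb")
GRATUITOUS = build_arp(ARP_REQUEST, ROGUE_MAC, "192.0.2.53", b"\x00" * 6, "192.0.2.53")
NORMAL = build_arp(ARP_REQUEST, ROGUE_MAC, "192.0.2.77", b"\x00" * 6, "192.0.2.53")
```

Feeding GRATUITOUS to check_conflict with the DNS box's own MAC and address reports the rogue MAC and that the request would still be answered; NORMAL (an ordinary lookup of the DNS address from a different IP) reports nothing.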