Date:      Tue, 29 Aug 1995 17:42:02 -0700 (PDT)
From:      "Rodney W. Grimes" <rgrimes@gndrsh.aac.dev.com>
To:        Piero@strider.ibenet.it
Cc:        msmith@atrad.adelaide.edu.au, Hackers@FreeBSD.ORG
Subject:   Re: ARP'ing [Summary of responses]
Message-ID:  <199508300042.RAA04877@gndrsh.aac.dev.com>
In-Reply-To: <199508290929.LAA02381@strider.ibenet.it> from "Piero Serini" at Aug 29, 95 11:29:05 am

> 
> Hello.
> 
> Quoting from Michael Smith (Tue Aug 29 04:30:07 1995):
> > Pavlov's Cat stands accused of saying:
> > > same address (192.168.254.130) because it's the first free entry in its
> > > dynamic pool.  (N.B.: DHCP servers don't have a way to monitor addresses
> > > which are "in use" but weren't assigned by the DHCP server.)  The client
> > > accepts the offered address and (at least with WinDoze clients) attempts to
> > > ARP the wire for "192.168.254.130" since it doesn't explicitly "trust" the server. 
> > > Whoops!  The client "discovers"  that the address is already in use! 
> > 
> > Pick a DHCP server you have source for, and get it to arp around before
> > it allocates the IP number.  If it finds it, you have a few options :
> ...
> 
> I'd go another way: shut down the entire network on a saturday night
> for maintenance, set your own machine to ARP each and every address
> you don't use, then correct all the IP numbers your abusers are abusing
> and turn the network up again. Then stick this note around:
> 
>     I HAD TO WORK ALL THE NIGHT LONG TO RECOVER THE NETWORK
>     FROM YOUR ABUSES!!
> 
>     Please note that assigning IP numbers is *MY* duty, not
>     yours, so if you need one, just ask.
> 
>     VIOLATORS WILL BE PROSECUTED AND KILLED ON THE SPOT.
> 
> It should work.

This is an effective solution to the problem, one I have seen used at
several sites.  Basically they went in the wiring closets, powered off
all the 10BaseT repeaters, set up the ARP stuff, then powered up the
repeaters and watched machines all over the network keel over into
a massive crash.  Everything was running smoothly after 3 days of
the tech support lines ringing solid 24 hours a day :-).

Painful, but quite effective in resulting in a solution.  They keep the
arp killer alive and when an IP address is assigned it is removed from
the proxy arp table, thus keeping folks from even trying to use an
unassigned IP address.  They also arp'ed for _all_ addresses outside
of their assigned ranges to keep ``private'' networks from starting
up in corners of the buildings :-).

-- 
Rod Grimes                                      rgrimes@gndrsh.aac.dev.com
Accurate Automation Company                 Reliable computers for FreeBSD
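
[Added example, not part of the original message or of any code from the
thread: a passive audit that compares IP/MAC pairs seen in ARP traffic with
the administrator's allocation table, which is the bookkeeping the thread
says a DHCP server lacks. The allocation table, MAC addresses and the /24
range are constructed for illustration; only 192.168.254.130 comes from
the thread.]

```python
import ipaddress

# Constructed sample data (assumptions, not from the original thread).
ASSIGNED_RANGE = ipaddress.ip_network("192.168.254.0/24")

# Hypothetical allocation table: IP -> MAC the administrator handed it to.
ALLOCATIONS = {
    "192.168.254.10": "00:00:c0:11:22:33",
    "192.168.254.130": "00:00:c0:aa:bb:cc",
}

# Constructed (ip, mac) pairs as they might be collected from ARP traffic.
OBSERVED = [
    ("192.168.254.10", "00:00:C0:11:22:33"),   # matches its allocation
    ("192.168.254.130", "00:00:c0:aa:bb:cc"),  # legitimate holder
    ("192.168.254.130", "00:00:1b:de:ad:01"),  # second MAC on the same IP
    ("192.168.254.77", "00:00:1b:de:ad:02"),   # address never handed out
    ("10.9.8.7", "00:00:1b:de:ad:03"),         # outside the assigned range
    ("not-an-ip", "00:00:1b:de:ad:04"),        # malformed record
]


def audit(observed, allocations, assigned_range):
    """Return (ip, mac, reason) for every observation that is not sanctioned."""
    findings = []
    for ip_text, mac in observed:
        mac = mac.lower()
        try:
            ip = ipaddress.ip_address(ip_text)
        except ValueError:
            findings.append((ip_text, mac, "malformed"))
            continue
        key = str(ip)
        if ip not in assigned_range:
            # A "private" network started up outside the site's ranges.
            findings.append((key, mac, "outside-range"))
        elif key not in allocations:
            # In use on the wire, but nobody was ever given this address.
            findings.append((key, mac, "unassigned"))
        elif allocations[key].lower() != mac:
            # Assigned address answered for by a different station.
            findings.append((key, mac, "conflict"))
    return findings


if __name__ == "__main__":
    for ip, mac, reason in audit(OBSERVED, ALLOCATIONS, ASSIGNED_RANGE):
        print(f"{reason:14} {ip:16} {mac}")
```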


