Convention User Woes

Hi

I have a problem in my convention areas. We sometimes get people who hook up to the local network in our convention areas and some people like to cause some problems...

Last week, we hosted a convention of programmers at our hotel and I had a problem with someone setting their IP to match my default gateway and DHCP server. This is becoming an issue and to the best of my knowledge there would be no way to stop anyone from doing this.

I would assume this individual got the network info when they got their IP address from my DHCP server.

Is there a good way to hide my default gateway that anyone knows of? I have an HP ProCurve 5308xl network core switch as the backbone and am using a Windows 2003 server running a program called first spot to intercept people and ask for login credentials.

If there is a way to hide this server, great, what do I have to do? If there is an appliance that can force strict IP compliance, where do I get it? Though I don't, to my knowledge, think there is any such appliance.

Your help is greatly appreciated!

Thanks

Reply to
smyers

So what else is new? Wired or wireless?

Correct. Look at it this way - if they've used the same IP address as the gateway, they're not able to reach off the LAN either, as most operating systems recognize their "own" address, and any packets destined to that address will be sent to the loopback - going nowhere.

Were they st00pid enough to not spoof the MAC (hardware) address as well?

Sounds reasonable

No. Apparently you don't understand IP networking, and how routing works. The IP packet header has the "source" and "destination" IP addresses as the first eight bytes. Packets that are destined for some off-network address like 'groups.google.com' still have that IP address as the destination, but are sent to the MAC address of the local gateway. The sending computer looks at the routing table, and might see that (example) the local network is 192.168.2.0/24, and the loopback is 127.0.0.0/8. Well, groups.google.com (216.239.57.x) isn't one of those addresses, so the sending computer looks for the gateway - ARPs to determine the MAC address, then sends the packet with the destination address of 216.239.57.x to the MAC address of the gateway. Now, you've decided to "hide" the gateway. OK - how is the customer's computer supposed to figure out who to send the packet to for onward relay? Is it supposed to guess?

If this is a _wired_ network, you can set your switch so that it knows on which port a given IP address is located, and can warn you of spoofing. If the 'first spot' program allows, you can have it make note of username and MAC addresses, but MAC addresses are trivial to spoof/alter. All you can do is improve the odds somewhat.

Old guy

Reply to
Moe Trin

AFAIR some switches can recognise the issue and "kill" the port where the bogus address appears - last time I stumbled across this it was to do with a Cisco Cat 6509 (which is a high end expensive bit of hardware).

Wireless is the flip side to this - there are probably some features intended for "hot spot" use that will help, since a hot spot can get hit with the same set of issues.

Not done this - only seen the slide set :)....

With some APs you can set them so there is no client to client traffic allowed - so 1 client cannot poison IP addresses for another. The 2nd bit is to stop a user taking a different address to that assigned via DHCP - try this:

formatting link

Reply to
stephen
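
The two checks suggested in the replies above (a switch that knows on which port a given IP address is located, and refusing an address other than the one assigned via DHCP), sketched as an added example that is not part of any post in this thread. All IP addresses, MAC addresses and port names are constructed, and the binding table is an assumed stand-in for what a switch or DHCP server would hold.

```python
from dataclasses import dataclass

GATEWAY_IP = "192.168.2.1"  # constructed value, not from the thread

@dataclass(frozen=True)
class Binding:
    mac: str
    ip: str
    port: str

# Constructed bindings: a static entry for the gateway plus two DHCP leases.
BINDINGS = [
    Binding("00:11:22:33:44:01", GATEWAY_IP, "A1"),
    Binding("00:11:22:33:44:10", "192.168.2.50", "B3"),
    Binding("00:11:22:33:44:11", "192.168.2.51", "B4"),
]

# Constructed ARP observations: (switch port, sender MAC, sender IP).
OBSERVED = [
    ("A1", "00:11:22:33:44:01", "192.168.2.1"),   # the real gateway
    ("B3", "00:11:22:33:44:10", "192.168.2.50"),  # guest using its lease
    ("B4", "00:11:22:33:44:11", "192.168.2.1"),   # guest claiming the gateway IP
    ("B4", "00:11:22:33:44:01", "192.168.2.1"),   # gateway IP and MAC, wrong port
    ("B7", "00:11:22:33:44:99", "192.168.2.77"),  # self-assigned IP, no lease
]

def check_arp(port, mac, ip, bindings=BINDINGS):
    """Return None if the claim matches a binding, else a reason string."""
    expected = {b.ip: b for b in bindings}.get(ip)
    if expected is None:
        return "no-binding"           # address was never assigned
    if expected.mac != mac.lower():
        return "gateway-ip-conflict" if ip == GATEWAY_IP else "mac-mismatch"
    if expected.port != port:
        return "wrong-port"           # MAC was copied too, but the port gives it away
    return None

def audit(observed=OBSERVED):
    """Return (port, mac, ip, reason) for every claim that fails the check."""
    return [(p, m, i, r) for p, m, i in observed
            if (r := check_arp(p, m, i)) is not None]

if __name__ == "__main__":
    for alert in audit():
        print(alert)
```

The port comparison is what still flags a claim when the MAC address has been altered to match the gateway's, which a MAC-only check would miss.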
