Ascend Archive
(ASCEND) DHCP Spoofing/P75 Address Robbing
MMedwid@symantec.com (Michael Medwid) wrote:
> I sent the following message to one of our VIPs in response to a
> problem he was having bringing his laptop computer home from the
> office. He has a routing/NAT using/DHCP spoofing P75 at home. I
> wondered if anyone else had ever seen this issue...
> Bob, I was able to replicate your IP conflict message when
> taking a laptop that had been issued an IP address by the LAN based
> DHCP server and putting that on the home network with a Pipeline
> 75. The error message on my laptop is "The system has detected a
> conflict for 155.64.36.239 with 00:C0:7B:71:6E:1A".
> It turns out that 00:C0:7B:71:6E:1A is the MAC address of the
> pipeline. I ran show arp on the Pipeline and sure enough - the
> only entry was 155.64.36.236 associated with 00:C0:7B:71:6E:1A on
> ie0. The Pipeline had appropriated the IP address associated with the
> laptop's nic (!). After running winipcfg and releasing the address
> and rebooting the laptop, everything came up ok (of course we
> already knew it would). Unfortunately just clicking "renew" would
> not work because by that point Win95 had shut down IP on the
> ethernet interface.
> It looks like a bug with DHCP spoofing on the Pipeline. I
> upgraded the code on a Pipeline to the latest version to see if
> perhaps the issue had been addressed in the intervening months
> since we first rolled out the routed Pipelines. But it was to no
> avail.
> The best advice I can give at this point is to release the IP
> address using winipcfg right before shutting down for the day.
> That should allow you to get up on the first try when you put the
> laptop on the home network. Meanwhile I have alerted Ascend of the
> bug and I'm reiterating the point in this message.
I think I know what this is; I have seen the same thing when DHCP was
not involved at all. I saw this with NT 4.0, but I'm guessing that
Win95 does the same thing.
I'm assuming that the DHCP assigned address did not match the subnet
of the network you moved the laptop to; e.g., the network you moved to
did not start with 155.64.... (in my case, they were class 'C'
addresses instead of Class 'B', but the same problem occurs).
My understanding is this: on startup, a Win32 computer sends out an
ARP broadcast packet containing **its own address**. If any computer
responds with a MAC address, Win95 assumes that the IP address is
already owned by another computer on the network, and shuts down the
interface.
The problem arises because the IP address the computer sends out is
not on the same logical subnet as the Pipeline. The Pipeline, being a
router, responds with "yes, talk to this MAC address (the Pipeline's)
if you want to reach this (non-local) IP address".
One fix is to boot up the computer with the NIC disconnected, fix the
IP address, and then connect and re-boot. Yes, it is a pain, but I
don't think this one is the fault of the Pipeline.
Do I have this one right?
_______________________________
Rylan Luke (rylan@rymar.com)
Rymar Engineering
++ Ascend Users Mailing List ++
To unsubscribe: send unsubscribe to ascend-users-request@bungi.com
To get FAQ'd: <http://www.nealis.net/ascend/faq>
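
Added example, not part of the original thread and not Ascend code: a Python sketch that takes a host's startup self-ARP and the reply it received and tells a real duplicate address apart from a router's proxy answer, the explanation proposed in the reply above. The laptop MAC, the second host's MAC and the 192.168.1.0/24 home LAN are constructed assumptions; the Pipeline MAC and the laptop's address are the ones quoted in the thread.

```python
import ipaddress
import struct

def build_arp(op, sha, spa, tha, tpa):
    """Build an Ethernet II frame carrying an IPv4-over-Ethernet ARP packet (sample data only)."""
    mac = lambda m: bytes.fromhex(m.replace(":", ""))
    ip = lambda a: ipaddress.IPv4Address(a).packed
    dst = b"\xff" * 6 if op == 1 else mac(tha)          # requests are broadcast
    hdr = struct.pack("!HHBBH", 1, 0x0800, 6, 4, op)
    return dst + mac(sha) + b"\x08\x06" + hdr + mac(sha) + ip(spa) + mac(tha) + ip(tpa)

def parse_arp(frame):
    """Return the ARP fields of a frame, or None if it is not IPv4-over-Ethernet ARP."""
    if len(frame) < 42 or frame[12:14] != b"\x08\x06":
        return None
    htype, ptype, hlen, plen, op = struct.unpack("!HHBBH", frame[14:22])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return None
    fmt = lambda b: ":".join(f"{x:02X}" for x in b)
    return {"op": op, "sha": fmt(frame[22:28]), "spa": str(ipaddress.IPv4Address(frame[28:32])),
            "tha": fmt(frame[32:38]), "tpa": str(ipaddress.IPv4Address(frame[38:42]))}

def classify(request, reply, routers):
    """Classify the reply to a self-ARP; routers maps a router MAC to its LAN network."""
    req, rep = parse_arp(request), parse_arp(reply)
    if not req or not rep or req["op"] != 1 or rep["op"] != 2:
        return "not-an-arp-exchange"
    if req["spa"] not in ("0.0.0.0", req["tpa"]):
        return "ordinary-lookup"            # host asked about another address, not its own
    if rep["spa"] != req["tpa"] or rep["sha"] == req["sha"]:
        return "unrelated-reply"
    lan = routers.get(rep["sha"])
    if lan and ipaddress.IPv4Address(req["tpa"]) not in ipaddress.ip_network(lan):
        return "proxy-arp-from-router"      # router answering for an off-subnet address
    return "duplicate-address"              # another station really holds the address

# Constructed sample data; only PIPELINE_MAC and the 155.64.36.239 address come from the thread.
LAPTOP_MAC = "02:00:00:00:00:01"
PIPELINE_MAC = "00:C0:7B:71:6E:1A"
ROUTERS = {PIPELINE_MAC: "192.168.1.0/24"}  # assumed home LAN of the Pipeline
probe = build_arp(1, LAPTOP_MAC, "155.64.36.239", "00:00:00:00:00:00", "155.64.36.239")
proxy_reply = build_arp(2, PIPELINE_MAC, "155.64.36.239", LAPTOP_MAC, "155.64.36.239")
dup_reply = build_arp(2, "02:00:00:00:00:02", "155.64.36.239", LAPTOP_MAC, "155.64.36.239")

if __name__ == "__main__":
    print(classify(probe, proxy_reply, ROUTERS))
    print(classify(probe, dup_reply, ROUTERS))
```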