We have a corporate network that is comprised of the following elements:

Internet cable (wall) <-> (ext interface (DHCP)) (Windows Server 2008, TMG-enabled, Internet Gateway) (int interface (static 192.168.0.1)) <-> Internal Ethernet network with Windows-based DHCP server, DNS, etc.

I have a gut feeling that time after time a laptop is being brought by someone in the office that has a static IP, the same as our gateway (192.168.0.1), set on its Ethernet adapter, which causes our server to have a communication problem with the rest of the network. If it's a MacOS or Linux, I've heard that they for some reason can "steal" the IP even if one is already present in the network. Is it true, and how can I protect our server from "outsiders with the same IP"?

Maxim V. Pavlov
  • It's not stealing the IP. It's perfectly possible for two hosts to have the same IP address. One is not stolen from the other; they both have it. The problem this presents is that other hosts needing to communicate with that IP address will communicate with whichever host answers the ARP request for that IP address first, which can lead to problems. The solution: 1. Don't let visitors just connect to your network without your knowledge and approval. 2. Use DHCP internally and make your guests configure their laptops to use DHCP to get their IP address. – joeqwerty Aug 17 '12 at 14:08


Firstly, you can prove it with some network monitoring. Use WinPcap and/or Wireshark with a filter to watch for any ARP responses for that IP from the wrong MAC address, and leave it running. Most Windows boxes will keep entries in the system event log if they detect a duplicate IP on the network as well.

A couple of workarounds:

You could statically map the ARP caches anywhere important on your network to the correct place. This will involve a lot of reconfiguring if you ever change NICs or servers.

If you have fancy switches you could lock down switch ports to a MAC address to avoid people plugging random equipment in without getting in contact first.

Matt
  • A fancier switch might also be able to do layer 3 and restrict which IP(s) a given port can use. I don't know if any exist to do this, but as soon as someone makes an open hardware platform with that many ports and the ability to run an OS of choice, it will happen. – Skaperen Aug 17 '12 at 15:02
  • http://www.ipcdevice.com/product/product_66.html – Matt Aug 17 '12 at 15:44
  • I'd prefer to see one architected for more direct CPU core to NIC connection, and backend DMA crossbar switching. Something with an ARM chip for every 2 or 4 NICs, not a PC. Something to replace a switch, not a firewall. – Skaperen Aug 17 '12 at 23:29
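The monitoring step in the answer above, as an added example that is not code from the answer or from any tool named on the page: a Python script that decodes raw Ethernet/ARP frames and flags any ARP reply claiming the gateway IP 192.168.0.1 from a MAC other than the gateway's. The gateway MAC and the sample frames are constructed placeholders; on a live network the frames would come from a capture (e.g. WinPcap/Wireshark) instead of the inline list.

```python
import struct
from typing import Iterable, Iterator, Set, Tuple

# Expected binding for the gateway's internal interface (MAC is a constructed placeholder).
GATEWAY_IP = "192.168.0.1"
GATEWAY_MAC = "00:11:22:33:44:55"

ETH_HDR = struct.Struct("!6s6sH")          # dst MAC, src MAC, EtherType
ARP_HDR = struct.Struct("!HHBBH6s4s6s4s")  # htype, ptype, hlen, plen, opcode, sha, spa, tha, tpa
ETHERTYPE_ARP = 0x0806
ARP_REPLY = 2

def mac_str(b: bytes) -> str:
    return ":".join(f"{x:02x}" for x in b)

def ip_str(b: bytes) -> str:
    return ".".join(str(x) for x in b)

def build_arp_reply(sender_mac: str, sender_ip: str, target_mac: str, target_ip: str) -> bytes:
    """Build a raw Ethernet+ARP reply frame; used here only to construct sample traffic."""
    smac = bytes.fromhex(sender_mac.replace(":", ""))
    tmac = bytes.fromhex(target_mac.replace(":", ""))
    sip = bytes(int(o) for o in sender_ip.split("."))
    tip = bytes(int(o) for o in target_ip.split("."))
    return ETH_HDR.pack(tmac, smac, ETHERTYPE_ARP) + ARP_HDR.pack(1, 0x0800, 6, 4, ARP_REPLY, smac, sip, tmac, tip)

def arp_replies(frames: Iterable[bytes]) -> Iterator[Tuple[str, str]]:
    """Yield (sender_ip, sender_mac) for every ARP reply found in a sequence of raw frames."""
    for frame in frames:
        if len(frame) < ETH_HDR.size + ARP_HDR.size:
            continue  # too short to hold an Ethernet header plus an ARP packet
        _, _, ethertype = ETH_HDR.unpack_from(frame)
        if ethertype != ETHERTYPE_ARP:
            continue
        _, _, _, _, opcode, sha, spa, _, _ = ARP_HDR.unpack_from(frame, ETH_HDR.size)
        if opcode == ARP_REPLY:
            yield ip_str(spa), mac_str(sha)

def find_gateway_conflicts(frames: Iterable[bytes], gateway_ip: str = GATEWAY_IP,
                           gateway_mac: str = GATEWAY_MAC) -> Set[str]:
    """Return every MAC other than the real gateway's that answered ARP for the gateway IP."""
    return {mac for ip, mac in arp_replies(frames) if ip == gateway_ip and mac.lower() != gateway_mac.lower()}

# Constructed sample: the real gateway answers, then a visiting laptop with the same static IP answers too.
SAMPLE_FRAMES = [
    build_arp_reply(GATEWAY_MAC, GATEWAY_IP, "aa:bb:cc:00:00:01", "192.168.0.50"),
    build_arp_reply("de:ad:be:ef:00:01", GATEWAY_IP, "aa:bb:cc:00:00:01", "192.168.0.50"),
    build_arp_reply("aa:bb:cc:00:00:02", "192.168.0.20", GATEWAY_MAC, GATEWAY_IP),
]

if __name__ == "__main__":
    for mac in sorted(find_gateway_conflicts(SAMPLE_FRAMES)):
        print(f"ALERT: {mac} answered ARP for {GATEWAY_IP}, but the gateway is {GATEWAY_MAC}")
```

The same condition expressed as a Wireshark display filter (an assumption about the field names, not something the answer gives) would be `arp.opcode == 2 && arp.src.proto_ipv4 == 192.168.0.1 && arp.src.hw_mac != 00:11:22:33:44:55`.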