Educause Security Discussion mailing list archives

Re: IP address conflicts / locating


From: Al Sparks <data345 () YAHOO COM>
Date: Thu, 15 Dec 2005 20:41:59 -0800

This was back in the days before DHCP was common, if it even existed.
Bootp was used a little on that campus.  It was also before the days of
VLANs.

Anyway, I had been sent to another office building for a week or so,
and had stopped using the IP address in that subnet.  When I came back,
my IP address was being used, even though my identifier was still in
the name server, which was the only real way we documented static IP
addresses.  So I brought up my Linux box on that IP, which unlike
Windows 3.11 (or was it a Macintosh?  I forgot) wouldn't give up if
someone was already using that IP.  I typed in a telnet command to
somewhere, and it just hung there, but I knew it was flooding the
subnet with IP packets with my IP address on them.

I came back a couple of hours later and I had my IP address back again.

However, I'm surprised that there's still a large University out there
that doesn't use DHCP for workstations / laptops.  I consider that a
best practice.
   === Al

--- David Gillett <gillettdavid () FHDA EDU> wrote:

  It's going to depend largely on the equipment you use.  We're
able to do this with most of our current gear (although it's terribly
SLOW) because the switches also do layer 3 routing; on the old
layer 2 only Cisco switches I used to work with, clients could
only be located by MAC address and not IP.  (Searching by MAC
address is slower than by IP address with the new gear, but more
reliable for unknown reasons.)
  Matching switch port numbers to jack locations depends on you
documenting how the switches are wired to the patch panels.

  A technique I've found useful, especially when rogue devices just
hop to another jack, is to create a "black hole" VLAN and assign the
rogue's MAC address to that VLAN.  Somehow, jacks that work for others
stop working when they plug in...  Eventually, they either call for
support or conclude that their NIC is broken.

David Gillett



-----Original Message-----
From: Kevin Shalla [mailto:kshalla () UIC EDU]
Sent: Thursday, December 15, 2005 3:55 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] IP address conflicts / locating

At our school, all our IPs are public and statically
assigned.  Because we're a large school, and IP management is
decentralized, we often have IP address conflicts.  Our
resolution procedure is to call the network group which
filters that IP address.  Then we wait until the perpetrator
calls the network group to say that the network isn't
working.  Then the perpetrator is told to use a different
address, and the original computer can have that IP address
back.  This can work when people are merely making mistakes;
however, we're noticing rogue servers being installed, and
when they get filtered, they simply move on to another address.

I've asked if we can get a tool which will take as input the
IP address, and give the switch port where this IP is active,
identify where this switch is, and further identify to which
building and room that port connects.  Do other schools have
this ability, or am I asking for too much?
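The locating tool Kevin asks for, and the IP -> MAC -> switch port -> jack chain David describes, as an added example that is not part of the thread: a Python script that flags an IP claimed by more than one MAC across ARP polls and resolves each MAC to a documented jack. The ARP and MAC-table text, switch names and jack map are constructed samples in the shape of Cisco IOS output; in practice they would be collected from the switches and the site's own patch-panel records.

```python
import re
from collections import defaultdict

# Constructed sample: two 'show ip arp' polls from the L3 switch, minutes apart.
ARP_POLLS = [
    """Protocol  Address          Age (min)  Hardware Addr   Type   Interface
Internet  192.0.2.10              3   0011.2233.4455  ARPA   Vlan10
Internet  192.0.2.11              0   0011.2233.aabb  ARPA   Vlan10""",
    """Protocol  Address          Age (min)  Hardware Addr   Type   Interface
Internet  192.0.2.10              0   00aa.bbcc.ddee  ARPA   Vlan10
Internet  192.0.2.11              5   0011.2233.aabb  ARPA   Vlan10""",
]

# Constructed sample: 'show mac address-table' output per access switch.
MAC_TABLES = {
    "sw-lib-1": """Vlan    Mac Address       Type        Ports
  10    0011.2233.4455    DYNAMIC     Fa0/3
  10    0011.2233.aabb    DYNAMIC     Fa0/7""",
    "sw-sci-2": """Vlan    Mac Address       Type        Ports
  10    00aa.bbcc.ddee    DYNAMIC     Fa0/12""",
}

# Constructed: (switch, port) -> jack, the patch-panel documentation you maintain.
JACK_MAP = {
    ("sw-lib-1", "Fa0/3"): "Library 204, jack L-204-A",
    ("sw-lib-1", "Fa0/7"): "Library 210, jack L-210-B",
    ("sw-sci-2", "Fa0/12"): "Science 115, jack S-115-C",
}

HEX4 = r"[0-9a-f]{4}\.[0-9a-f]{4}\.[0-9a-f]{4}"
ARP_RE = re.compile(rf"^Internet\s+(\S+)\s+\S+\s+({HEX4})", re.M)
MAC_RE = re.compile(rf"^\s*\d+\s+({HEX4})\s+\S+\s+(\S+)", re.M)

def ip_to_macs(polls):
    """Every MAC seen claiming each IP across all polls; >1 means a conflict."""
    seen = defaultdict(set)
    for poll in polls:
        for ip, mac in ARP_RE.findall(poll):
            seen[ip].add(mac)
    return seen

def mac_to_port(tables):
    """MAC -> (switch, port) from the access switches' MAC tables."""
    return {mac: (sw, port) for sw, out in tables.items()
            for mac, port in MAC_RE.findall(out)}

def locate_conflicts(polls, tables, jack_map):
    """{ip: [(mac, jack location), ...]} for IPs claimed by more than one MAC."""
    ports = mac_to_port(tables)
    return {ip: sorted((m, jack_map.get(ports.get(m), "unknown jack")) for m in macs)
            for ip, macs in ip_to_macs(polls).items() if len(macs) > 1}
```

Call locate_conflicts(ARP_POLLS, MAC_TABLES, JACK_MAP) to get, for 192.0.2.10, both claimants and the rooms their jacks are documented in; a MAC with no jack record comes back as "unknown jack" so the documentation gap is visible too.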