From: alexd on 28 Apr 2010 16:15

On 28/04/10 09:52, D.M. Procida wrote:

> I'm not sure what could be done to prevent this - presumably, someone
> could give their machines the same IP addresses as the main webservers',
> and interfere with them in that way.

This is a good reason to keep critical stuff in a different subnet + VLAN from ordinary users.

--
<http://ale.cx/> (AIM:troffasky) (UnSoEsNpEaTm(a)ale.cx)
21:13:53 up 20:45, 1 user, load average: 0.10, 0.12, 0.10
It is better to have been wasted and then sober than to never have been wasted at all

From: Chris Davies on 29 Apr 2010 17:50
D.M. Procida <real-not-anti-spam-address(a)apple-juice.co.uk> wrote:

> Thanks for the help. arpwatch (actually, Mocha) found it straight away:
> another machine on the network somewhere is grabbing that one's IP
> address, probably because someone has given it a manually-assigned
> address.

Yes, that would do it, every time!

> I'm not sure what could be done to prevent this - presumably, someone
> could give their machines the same IP addresses as the main webservers',
> and interfere with them in that way.

Yes, that's correct. And if the rogue machine is intentionally grabbing the IP address there are tricks it can use to make it *far* more likely other systems will see it than the "true" owner of that address. Exciting things can happen when you do that to your LAN's router, or local web proxy, particularly if you then transparently redirect the traffic back to the real target after you've sniffed the packets or even rewritten them...

Fortunately tools like arpwatch or mocha can help alleviate the grief encountered when this sort of thing happens, but unless you strictly segment your network it's bound to happen from time to time.

Chris
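
The kind of IP-to-MAC bookkeeping that ARP monitoring tools rely on to spot a duplicate address, as an added example that is not part of the original thread and is not arpwatch's or Mocha's own code. The event names, the sample addresses and the `flip_window` parameter are assumptions of this sketch.

```python
# Constructed sample: (unix_time, ip, mac) sightings as they might be taken
# from ARP traffic on one LAN segment. All addresses are made up.
OBSERVATIONS = [
    (1000, "192.0.2.10", "00:16:3E:00:00:01"),  # web server's own NIC
    (1005, "192.0.2.20", "00:16:3e:00:00:02"),
    (1060, "192.0.2.10", "00:16:3e:00:00:99"),  # second machine claims the same IP
    (1062, "192.0.2.10", "00:16:3e:00:00:01"),  # original owner answers again
    (1300, "192.0.2.20", "00:16:3e:00:00:02"),  # unchanged binding, no event
]


def watch(observations, flip_window=300):
    """Return (time, kind, ip, mac, previous_mac) events for binding changes.

    kind is "new" (first sighting), "changed" (IP moved to another MAC) or
    "flip-flop" (IP went back to the MAC it had just before, within
    flip_window seconds, which is what two live hosts sharing one address
    look like on the wire).
    """
    current = {}   # ip -> (mac, time last seen)
    previous = {}  # ip -> mac that held the ip before the current one
    events = []
    for ts, ip, mac in sorted(observations):
        mac = mac.lower()  # MACs are case-insensitive; normalise before comparing
        if ip not in current:
            events.append((ts, "new", ip, mac, None))
        else:
            old_mac, old_ts = current[ip]
            if mac != old_mac:
                back = previous.get(ip) == mac and ts - old_ts <= flip_window
                events.append((ts, "flip-flop" if back else "changed", ip, mac, old_mac))
                previous[ip] = old_mac
        current[ip] = (mac, ts)
    return events


def contested(events):
    """IPs that were seen on more than one MAC; these need investigating."""
    return sorted({ip for _, kind, ip, _, _ in events if kind != "new"})


if __name__ == "__main__":
    for event in watch(OBSERVATIONS):
        print(event)
    print("contested:", contested(watch(OBSERVATIONS)))
```

A single "changed" event can be a legitimate NIC replacement; repeated "flip-flop" events for a server or router address are the signature of the conflict described in this thread.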