Firewalls: Prevention of LOCAL spoofing/duplicate I

Firewalls
(February 1995)

Indexed By Thread: [Previous] [Next]

Subject:	Prevention of LOCAL spoofing/duplicate I
From:	"Robertson, Paul" <proberts @ moc1 . gannett . com>
Date:	Thu, 02 Feb 95 10:26:00 PST
To:	firewalls @ greatcircle . com, firewalls-owner @ GreatCircle . COM, "Wright, Robert" <rwright @ moc1 . gannett . com>
Encoding:	22 TEXT

[snip]
>We had an incident recently where someone used the same IP address on a
>machine
>(a PC running winsock) as one of our fileservers... nevertheless, the
>fileserver spazzed out, NFS went completey awry, and we were forced to
>start rebooting clients and the server to get things back to normal. 
>
>Besides going to 10BaseT (star configuration, intelligent hubs that only
>pass the proper IP address to the client connected to that leg of the hub) 
>Is there any way to prevent this? ANYONE can edit their Winsock configuration
>and make the IP address the same, and really hose your network... And this
>is internally... How do you prevent this, short of spending TONS of money
>on new hubs?
>
>                -jna

1. Put your production boxes on their own subnet.
2. Bootp your users

Before anyone says anything, bootp doesn't STOP them from using a valid
address, but it will stop them from doing so "accidently".

Indexed By Date	Previous:	Re: Supply-side spoofing prevention From: btk @ matrix . cray . com (Bryan Koch)
Indexed By Date	Next:	Intro to Firewalls pub available From: John Wack <jwack @ nist . gov>
Indexed By Thread	Previous:	Re: Re[2]: tweaking PC setups for TCP/IP From: CUETARA @ zorzal . metro . inter . edu
Indexed By Thread	Next:	Intro to Firewalls pub available From: John Wack <jwack @ nist . gov>