Re: [fw-wiz] Duplicate Public IP Addresses?



The only thing I would add to what Paul said is that the hosts on the same
network (the private network that was incorrectly using the example 80.x.x.x
range) would end up using server B, as "local" traffic would not be routed
to its default gateway.

-----Original Message-----
From: firewall-wizards-bounces@xxxxxxxxxxxxxxxxxxxxx
[mailto:firewall-wizards-bounces@xxxxxxxxxxxxxxxxxxxxx] On Behalf Of arvind
doraiswamy
Sent: Friday, January 01, 2010 10:11 AM
To: Firewall Wizards Security Mailing List
Subject: [fw-wiz] Duplicate Public IP Addresses?

Hey Guys,
Maybe this is a bit of a basic question but I thought I'd ask here all
the same. Please let me know if this is too Non Firewall to be posted
:)

Over the years a lot of clients have used Public IP addresses on an
Internal network. So there's whole internal ranges with 80.x.x.x. Now
almost all of those systems do not have publicly reachable services at
all. Let's also assume that there is some website somewhere which has
the 80.x.x.x IP address assigned to it and people DO visit it and use
its "services". All ok so far.

What though if the internal network suddenly decided to make one of
its systems a web server, put a site onto it and pushed it on to the
Internet with the same 80.x.x.x address that was assigned to the
server when it was part of the Internal Network? Effectively it means
that now 2 servers, the original web server (A) and the new web
server (B), both have an IP of 80.x.x.x (SAME).

Now I haven't done this practically and checked what will happen, but
I have a few questions in mind.

a) What happens to all the traffic going to A? Does it still go there
or do clients of A get redirected to B?
b) What about B wrt Question a) ?
c) What about DNS servers everywhere? What IP addresses will they
cache and how will they ensure that people are "routed" correctly?
d) Isn't this a very easy DOS condition? Anyone just changes IP,
registers with their own DNS and sits back and waits?

Am I missing something? It just seems too easy to do, so I thought I'd
post here and get educated :)

Thnx
Arvind
_______________________________________________
firewall-wizards mailing list
firewall-wizards@xxxxxxxxxxxxxxxxxxxxx
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards
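
The forwarding decision described in the reply above (a host delivers to a directly connected prefix itself and only hands everything else to its default gateway), as an added example that is not part of the original thread. The addresses and the names `delivery` and `squatted_prefixes` are constructed for illustration; the second function is the audit a defender would run over interface data to find internal networks numbered out of public space.

```python
import ipaddress

# Constructed sample routing tables (addresses are illustrative, not from the thread).
# Each entry: (destination prefix, next hop); "on-link" means a directly connected route.
SQUATTING_HOST = [  # host inside the network that numbered itself out of public space
    (ipaddress.ip_network("80.0.0.0/24"), "on-link"),
    (ipaddress.ip_network("0.0.0.0/0"), "80.0.0.1"),
]
OTHER_HOST = [  # host on an unrelated RFC 1918 network
    (ipaddress.ip_network("10.1.1.0/24"), "on-link"),
    (ipaddress.ip_network("0.0.0.0/0"), "10.1.1.1"),
]

def delivery(dst, routes):
    """Longest-prefix match: return the next hop the host uses for dst."""
    addr = ipaddress.ip_address(dst)
    matches = [(net, hop) for net, hop in routes if addr in net]
    if not matches:
        raise LookupError(f"no route to {dst}")
    return max(matches, key=lambda m: m[0].prefixlen)[1]

def squatted_prefixes(routes):
    """Directly connected prefixes drawn from globally routable space."""
    return [net for net, hop in routes if hop == "on-link" and net.is_global]

if __name__ == "__main__":
    server = "80.0.0.10"  # constructed address standing in for the duplicated IP
    for name, table in (("squatting host", SQUATTING_HOST), ("other host", OTHER_HOST)):
        print(f"{name}: {server} -> {delivery(server, table)}; "
              f"public space on-link: {[str(n) for n in squatted_prefixes(table)]}")
```

The host on the squatted prefix resolves the address on-link and never consults its gateway, while the other host forwards the same destination to its default gateway.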

