Re: Releasing IP Address

From: x y (jamescagney90210@excite.com)
Date: 06/28/02


From: "x y" <jamescagney90210@excite.com>
Date: Fri, 28 Jun 2002 17:32:57 -0400


"wyerd" <wyerdl@juno.com> wrote in message
news:1162701c21e94$0eb76bd0$a4e62ecf@tkmsftngxa06...
> Ah, to be in the corporate world. But unfortunately this
> is county politics. Each agency has its own elected
> official and IS dept. The Commission as the distributor
> of money mandated one central network. Elected officials
> protested and the compromise was four independent networks
> each connected to my hub, but individually managed. I

Another possible solution might be to add a static arp mapping to any
machine that is being affected. The command for this on Windows 2000 is:
arp -s 157.55.85.212 00-aa-00-62-c6-09

If you do this, I don't believe your computers will have this problem again,
since what is being hijacked. [I suppose you might still have problems if
you used any switches on your network.] If the MAC address or network
interface on your firewall changes, then you'd need to change the arp
mapping.

Another solution could be to replace your hub with a router and different IP
subnets. Then, no other subnet could take your IP address, or if it did, it
couldn't get routed to your network.

Another solution might be to use Netbeui or IPX/SPX to access the printer,
if the printer supports such things. Or give your printer a different IP
address.

The ideal solution is that the DHCP server really needs to have a
reservation put on it so it does not hand out this IP address. I guess
there's no arguing with politics, but this is an absolute technical
necessity in this case.

> have all IP addresses posted on our support site so each
> department can check such things, but arrogance runs
> high. I do not know how an IBM printer can take priority
> over a firewall at the server, but when they assigned it
> the same IP, it dominated. I can direct connect to my

If the device [in this case the IBM printer] does not check to see if the IP
address is in use before accepting it, then it takes the IP address and
problems start occuring. If the original computer using the IP address was,
say, a Windows 2000 computer, when you reboot your computer it detects that
the ibm printer has taken your ip address and stops using the IP address.

Once a device like the printer has taken a duplicate IP address, it starts
replying with its mac address to arp requests on the local network when your
computer tries to find the mac address of the firewall to be able to get on
the internet. Which device wins probably depends on how fast each device
replies to the arp request with its mac address, and how the client computer
trying to get on the internet handles multiple responses to arp requests.
So, this his how some devices may start sending internet communications to
the printer. Even though one device is a firewall, that doesn't give it any
higher claim over that ip address.

> firewall and change the IP, but that doesn't resolve my
> root problem of controlling the assignment of IP addresses
> by other agencies. Ideally what I need is a way to ban a
> MAC address from accessing with any IP address.

I don't believe your hub will allow this, but if you replaced your hub with
a switch, some switches should be able to let you ban a certain port or mac
address. This might be another solution, since switches are cheap and
probably no one would notice the switch.

> >-----Original Message-----
> >Your company needs a central department to manage
> distributing IP addresses,
> >or at least a central database for people to go to
> reserve IP addresses and
> >check for their availability. This is just standard
> practice and common
> >sense, and this sort of problem will probably happen
> again unless something
> >like this is put into place.
> >
> >I'm not sure about IBM printers, but most every device I
> can think of
> >working with does not request DHCP IP addresses if it has
> a static IP
> >address already assigned. The device needs to request a
> DHCP address before
> >it can get one. I would think that this can only be
> corrected by a setting
> >on the IBM printer, possibly by getting help from someone
> knowledgeable in
> >this type of printer. I'm thinking that possibly there
> is more than one
> >place to set more than one IP address, like perhaps a
> second IP address for
> >management?
> >
> >This seems a little silly, but you could put a spare or
> inexpensive router
> >or firewall in front of the printer and block parts or
> all of the DHCP
> >communication [such as the initial broadcast, or perhaps
> UDP 67 and 68] from
> >the printer. [A $70 Netgear or Linksys BEFSR41 might be
> able to do this.]
> >
> >"wyerd" <wyerdl@juno.com> wrote in message
> >news:1119c01c21e45$d9f03510$37ef2ecf@TKMSFTNGXA13...
> >> I work in a politically polarized environment. This
> >> creates situation where another department assigns an IP
> >> address to a device that I already have assigned (in
> this
> >> case to my firewall). I am not allowed to cross
> political
> >> lines to correct this. Is there a way to block the
> device
> >> and force it to release the IP?
> >
> >
> >.
> >



Relevant Pages

  • RE: Tracing physical machines on DHCP networks
    ... will get router's mac. ... But this assuming managed switches and ... ... > my network generating a very huge amt of suspicious traffic. ... > the firewall to access the network. ...
    (Security-Basics)
  • Re: Networking an Apple Mac to a PC
    ... I can read and write to the mac from the PC. ... I can access PCs on other networks. ... I have reset the firewall settings in XP. ... Windows will not impact file sharing with the Mac. ...
    (microsoft.public.windowsxp.network_web)
  • Re: WLAN security question
    ... >> I actually secure by WLAN by only allowing certain MAC addresses to connect ... We secure it in three ways. ... PUT THE WHOLE THING BEHIND A FIREWALL. ... >trusted access to our internal network nor any of our servers. ...
    (comp.security.misc)
  • Re: Not able to print to shared OS X printer
    ... >> It's shared, via a Mac running OS X, over the network. ... > Try turning off firewall completely. ... it automatically opens ports 631 and 515. ...
    (Fedora)
  • Re: Macs more expensive? Not if you consider TCO
    ... You hardly ever say anything positive of the Mac. ... religion, politics, etc. ... This group is about advocating the Mac platform. ...
    (comp.sys.mac.advocacy)