Ethernet alias triggering network security warnings

Greetings, all.

I am using an embedded system that is running a version of an Ubuntu distro. The embedded system is being set up so that the physical Ethernet port will have two aliases. One is eth0:0 and the other is eth0:1.

eth0:0 is set to get an IP address via DHCP when a network cable is plugged in (assuming a DHCP server is available). The eth0:1 is set to have a static IP address. This allows an installer to connect a laptop to the system and do some onsite configuration (setting WiFi parameters).

The network settings I'm using are:

auto eth0:0
iface eth0:0 inet static
    address 192.168.100.110
    netmask 255.255.255.0
    gateway 192.168.100.1

auto eth0:1
allow-hotplug eth0:1
iface eth0:1 inet dhcp

This was working at one point but lately a Windows machine on the network will start complaining either about possible ARP poisoning or it will say there is a duplicate IP address. The program on the Windows box reporting the problem is ESET Internet Security. I know nothing about the program. It is on the machine of the person preparing boxes to be sent out into the field.

When I check the system that seems to have triggered the duplicate IP address warning I see no duplication. I have checked all the MAC addresses, inet v4 and inet v6 IP addresses listed by the ifconfig program.

Does anyone on this list know anything about that security program or why the person setting up the embedded systems would be seeing the duplicate IP warnings?

--
Cheers!

Kevin.

http://www.ve3syb.ca/               | "Nerds make the shiny things that
https://www.patreon.com/KevinCozens | distract the mouth-breathers, and
                                    | that's why we're powerful"
Owner of Elecraft K2 #2172          |
#include <disclaimer/favourite>     |         --Chris Hardwick

On 2022-04-27 10:26 p.m., Kevin Cozens via talk wrote:
Does anyone on this list know anything about that security program or why the person setting up the embedded systems would be seeing the duplicate IP warnings?
I have no idea about that security app, but I bet it's seeing both your native and VLAN frames. A VLAN will have the same MAC address as the native. Your choices would be to see if you can block that VLAN from reaching that computer, possibly with a managed switch, or maybe there's some option within that app to ignore a specific MAC.

On Wed, 27 Apr 2022 at 22:26, Kevin Cozens via talk <talk@gtalug.org> wrote:
I am using an embedded system that is running a version of an Ubuntu distro. The embedded system is being set up so that the physical Ethernet port will have two aliases. One is eth0:0 and the other is eth0:1.
eth0:0 is set to get an IP address via DHCP when a network cable is plugged in (assuming a DHCP server is available). The eth0:1 is set to have a static IP address. This allows an installer to connect a laptop to the system and do some onsite configuration (setting WiFi parameters).
The network settings I'm using are:

auto eth0:0
iface eth0:0 inet static
    address 192.168.100.110
    netmask 255.255.255.0
    gateway 192.168.100.1

auto eth0:1
allow-hotplug eth0:1
iface eth0:1 inet dhcp
This was working at one point but lately a Windows machine on the network will start complaining either about possible ARP poisoning or it will say there is a duplicate IP address. The program on the Windows box reporting the problem is ESET Internet Security. I know nothing about the program. It is on the machine of the person preparing boxes to be sent out into the field.
When I check the system that seems to have triggered the duplicate IP address warning I see no duplication. I have checked all the MAC addresses, inet v4 and inet v6 IP addresses listed by the ifconfig program.
Does anyone on this list know anything about that security program or why the person setting up the embedded systems would be seeing the duplicate IP warnings?
Most DHCP servers I've used on the 192.168.N.* tend to be set up to assign numbers in the 100-254 range. Choosing "110" as your number puts it in that range, and unless you explicitly told the DHCP server that 110 is off bounds, it may assign it to another machine as well. That would cause collisions, and all kinds of unhappiness.

Notice that 1-99 aren't usually used by the DHCP server, and so are available for use as static addresses. This is of course dependent on the setup of your DHCP server; you should take a look at its setup.

--
Giles
https://www.gilesorr.com/
gilesorr@gmail.com
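
Added example (not part of any list member's message): a small shell check for the collision described in the reply above. It tests whether a static address sits inside a DHCP pool and lists any IP address claimed by more than one MAC. The pool bounds, the "IP MAC" input format and the sample sightings are assumptions constructed for illustration.

```shell
#!/bin/sh
# Constructed sample: "IP MAC" sightings, e.g. collected from ARP replies over time.
SAMPLE_SIGHTINGS='192.168.100.1 02:00:00:00:00:01
192.168.100.110 02:00:00:00:00:aa
192.168.100.23 02:00:00:00:00:cc
192.168.100.110 02:00:00:00:00:BB
192.168.100.110 02:00:00:00:00:aa'

# Convert a dotted-quad IPv4 address to an integer so ranges can be compared.
ip_to_int() {
    oldifs=$IFS; IFS=.; set -- $1; IFS=$oldifs
    [ $# -eq 4 ] || return 1
    echo $(( ($1 << 24) + ($2 << 16) + ($3 << 8) + $4 ))
}

# in_dhcp_pool STATIC POOL_FIRST POOL_LAST: succeeds if STATIC lies in the pool.
in_dhcp_pool() {
    addr=$(ip_to_int "$1") || return 2
    lo=$(ip_to_int "$2") || return 2
    hi=$(ip_to_int "$3") || return 2
    [ "$addr" -ge "$lo" ] && [ "$addr" -le "$hi" ]
}

# Read "IP MAC" pairs on stdin; print every IP claimed by more than one MAC.
duplicate_claims() {
    awk '
        NF >= 2 {
            mac = tolower($2)
            if (!seen[$1, mac]++) { n[$1]++; macs[$1] = macs[$1] " " mac }
        }
        END { for (ip in n) if (n[ip] > 1) print ip macs[ip] }
    ' | sort
}

# Assumed values: the static alias from the thread and a 100-254 pool.
STATIC=192.168.100.110
POOL_FIRST=192.168.100.100
POOL_LAST=192.168.100.254

if in_dhcp_pool "$STATIC" "$POOL_FIRST" "$POOL_LAST"; then
    echo "WARNING: static $STATIC is inside DHCP pool $POOL_FIRST-$POOL_LAST"
fi
printf '%s\n' "$SAMPLE_SIGHTINGS" | duplicate_claims
```

On a live segment, iputils `arping -D -I eth0 192.168.100.110` probes for another holder of the address before it is brought up.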

On 2022-04-28 11:47, Giles Orr via talk wrote:
Most DHCP servers I've used on the 192.168.N.* tend to be set up to assign numbers in the 100-254 range. Choosing "110" as your number puts it in that range, and unless you explicitly told the DHCP server that 110 is off bounds,
Thanks for the reply. I hadn't thought about that. I think the site where the boxes are being prepped was issuing addresses in the 10.*/24 range but perhaps not. The problem is more recent but something may have changed within the LAN where the prep work is being done.

It would explain why I can't see the problem on the box that appears to be triggering the warnings. It is something to keep in mind when boxes are being installed at remote sites.

--
Cheers!

Kevin.

http://www.ve3syb.ca/               | "Nerds make the shiny things that
https://www.patreon.com/KevinCozens | distract the mouth-breathers, and
                                    | that's why we're powerful"
Owner of Elecraft K2 #2172          |
#include <disclaimer/favourite>     |         --Chris Hardwick

participants (3): Giles Orr, James Knott, Kevin Cozens