Gentoo Forums
Gentoo Forums
Gentoo Forums
Quick Search: in
How do I KILL this address?
View unanswered posts
View posts from last 24 hours

 
Reply to topic    Gentoo Forums Forum Index Networking & Security
View previous topic :: View next topic  
Author Message
curmudgeon
Veteran
Veteran


Joined: 08 Aug 2003
Posts: 1523

PostPosted: Wed May 03, 2017 9:57 pm    Post subject: How do I KILL this address? Reply with quote

This one has baffled a very knowledgeable Linux network admin.

Booted from a gentoo live dvd.
Killed dhcp, network manager, and brought down eno1.

ifconfig eno1 192.168.0.12 netmask 255.255.255.0 broadcast 192.168.0.255
route add default gw 192.168.0.254

Code:

ifconfig -a
eno1: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 192.168.0.12 netmask 255.255.255.0 broadcast 192.168.0.255
ether 00:11:22:33:44:55 txqueuelen 1000 (Ethernet)
RX packets 10112080 bytes 4069965888 (3.7 GiB)
RX errors 0 dropped 871 overruns 0 frame 0
TX packets 3581955 bytes 295420873 (281.7 MiB)
TX errors 1 dropped 0 overruns 0 carrier 0 collisions 0

lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
inet 127.0.0.1 netmask 255.0.0.0
inet6 ::1 prefixlen 128 scopeid 0x10<host>
loop txqueuelen 1 (Local Loopback)
RX packets 4086 bytes 348889 (340.7 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 4086 bytes 348889 (340.7 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

wlo1: flags=4098<BROADCAST,MULTICAST> mtu 1500
ether 66:77:88:99:aa:bb txqueuelen 1000 (Ethernet)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 0 bytes 0 (0.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0


The probllem? Machine (and router) think it is ALSO 192.168.0.1 (which is in the dhcp range).
Answers arp requests (with the ethernet card mac address) from the router for 192.168.0.1 (as well as 192.168.0.12).
Replies to pings for 192.168.0.1 (as well as 192.168.0.12).
This is not some unexpired dhcp lease (it has been going on for three weeks).
One application was sending requests as if it were 192.168.0.1, but I finally put an end to that.
Still can't get rid of it, though. Any ideas what is keeping it alive?
Back to top
View user's profile Send private message
NTU
Apprentice
Apprentice


Joined: 17 Jul 2015
Posts: 163

PostPosted: Wed May 03, 2017 10:08 pm    Post subject: Reply with quote

ARP traffic is by default, all allowed, bidirectional. Unless you're using arptables, you'll be able to reach anything on the same network over ARP.

If you don't want to be able to ping 192.168.0.1 you'll need to break ICMP for that IP via iptables.

Code:
iptables -A INPUT -s 192.168.0.1 -j DROP
iptables -A OUTPUT -d 192.168.0.1 -j DROP


Duplicate same rules for arptables? Not sure if this answers your question?
Back to top
View user's profile Send private message
curmudgeon
Veteran
Veteran


Joined: 08 Aug 2003
Posts: 1523

PostPosted: Wed May 03, 2017 11:33 pm    Post subject: Reply with quote

I want the machine (and the router) to only see itself as 192.168.0.12. The address 192.168.0.1 should not exist. The machine should not think it has it. It should not answer apr requests or pings on that address, and the address should be available for the router to assign (via dhcp) to another client.
Back to top
View user's profile Send private message
Atom2
Apprentice
Apprentice


Joined: 01 Aug 2011
Posts: 185

PostPosted: Wed May 03, 2017 11:45 pm    Post subject: Re: How do I KILL this address? Reply with quote

curmudgeon wrote:
Any ideas what is keeping it alive?
Does your system have a (shared) Intel AMT interface or another (shared) remote management LAN interface like IMM (IBM slang) or iLO (HP slang) - I am sure there are other names as well - getting its IP address from DHCP or being statically set to 192.168.0.1?

Any such shared interface could explain why the system is answering against two IP addresses using only one MAC-address.
Those management interfaces also do not usually show up in the OS and thus are not visible from an ifconfig command.

If that's the case you would need to either disable AMT or any other management interface in the BIOS or give it a completely different IP address (either within the same subnet, but outside the DHCP range, or even within a completely different subnet).

Atom2
Back to top
View user's profile Send private message
curmudgeon
Veteran
Veteran


Joined: 08 Aug 2003
Posts: 1523

PostPosted: Thu May 04, 2017 12:22 am    Post subject: Reply with quote

I certainly don't think it has anything like that. The machine is a rather standard low to mid range laptop of 2012 vintage.
Back to top
View user's profile Send private message
Atom2
Apprentice
Apprentice


Joined: 01 Aug 2011
Posts: 185

PostPosted: Sun May 07, 2017 12:08 am    Post subject: Reply with quote

curmudgeon wrote:
I certainly don't think it has anything like that. The machine is a rather standard low to mid range laptop of 2012 vintage.
AMT was pretty standard in corporate/business laptops and was definitely already available in 2012 (I seem to remember that it was included in IBM/Lenovo Thinkpads back as far as the T61 which was produced from 2007 to 2009). It is sometimes also referred to as Intel ME and is connected with Intel vPro.

What make and model is your laptop?
Back to top
View user's profile Send private message
Tony0945
Advocate
Advocate


Joined: 25 Jul 2006
Posts: 2869
Location: Illinois, USA

PostPosted: Sun May 07, 2017 1:56 am    Post subject: Reply with quote

That's the standard router address. Why do you want to kill it?
Back to top
View user's profile Send private message
Ant P.
Watchman
Watchman


Joined: 18 Apr 2009
Posts: 5588

PostPosted: Mon May 08, 2017 12:22 am    Post subject: Reply with quote

It would help to see output from something that's maintained. What does "ip addr" say?
Back to top
View user's profile Send private message
curmudgeon
Veteran
Veteran


Joined: 08 Aug 2003
Posts: 1523

PostPosted: Tue May 23, 2017 1:34 pm    Post subject: Reply with quote

Tony0945 wrote:
That's the standard router address. Why do you want to kill it?


I don't care what the "standard" is. On this network, the router is 192.168.0.254, and the dhcp range is 192.168.0.1-192.168.0.9. There is not supposed to be anything at 192.168.0.1 other than dhcp leases (and the rogue machine already has a static address).

Ant P. wrote:
It would help to see output from something that's maintained. What does "ip addr" say?


Well, that is quite enlightening.

Code:

# ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 brd 127.255.255.255 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: eno1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether 11:11:11:11:11:11 brd ff:ff:ff:ff:ff:ff
    inet 192.168.0.12/24 brd 192.168.0.255 scope global eno1
       valid_lft forever preferred_lft forever
    inet 192.168.0.1/24 brd 192.168.0.255 scope global secondary eno1
       valid_lft forever preferred_lft forever
3: wlo1: <BROADCAST,MULTICAST> mtu 1500 qdisc mq state DOWN group default qlen 1000
    link/ether 22:22:22:22:22:22 brd ff:ff:ff:ff:ff:ff


Figured I could solve it from there. The man page was worthless (because I don't have it installed - iproute2 was compiled with the minimal use flag - meaning no man pages, an man ip brought up some other ip man page), so I put duckduckgo to work, and quickly found a tutorial page for configuring interfaces.

Code:

# ip addr del 192.168.0.1/24 dev eno1


Pretty simple actually, if you know how to use the tools you have (which I clearly didn't).

Thank you. Not only did I solve the problem, but I am now committed to ditching ifconfig (and will reinstall iproute2, making sure I get the documentation this time).
Back to top
View user's profile Send private message
Display posts from previous:   
Reply to topic    Gentoo Forums Forum Index Networking & Security All times are GMT
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum