[SLL] Network problems
Mike Schuh
schuh at farmdale.com
Wed Jan 17 17:13:15 PST 2007
On Wed, 17 Jan 2007, Dave Pfaltzgraff wrote:
>Then later, Mark Foster said:
>=====
>Make sure you're not duplicating someone else's IP address
>-----
>My first thought was, "Of course not, Silly." Then my next action was a
>slap on the forehead with a corresponding "Doh!"

OK. Story from the trenches.

Whilst employed at a large organization, I was briefly involved in tracking
down a rogue IP address. The setting: our datacenter shared a building
with humanoids; there was one (1) router for the building (not counting
external connections outside of the organization), meaning that employee
desktops were on the same subnet as production systems.

One afternoon, DNS queries began to fail. After a few minutes, all would
be well again. And then not. And then OK. The champ is down! The champ
is up!

We quickly figured out that there was a second system using the same IP
address as the organization's internal nameserver, and that it and the real
nameserver were plugged into the same switch (or the building's router, I
forget which). The switch/router would first send DNS query packets to one
machine and then the other.

Shortening the story a bit, it turns out that the errant system was a
laptop that had just been configured - by a member of the organization's
data security group, no less. On the Brand M GUI, the address assigned to
the nameserver got put in the wrong box (obLinux: would the mistake have
been less likely with a command line interface or a text editor?).

My boss had previously ranted about the risks involved with sharing a
network segment with employee desktops and production systems, but the bean
counters had prevailed. I never heard if the building's network was split
after that, but it sure seems like a Good Idea.

--
Mike Schuh - Seattle, Washington USA
http://www.farmdale.com