On Tue Aug 04 1998, "Trevor Reynolds" wrote:
> Anyway, I find out that one of my dial-in customers, using windows95, was
> requesting the same ip address as my web server, now it is my
> understanding, and past experience, that a network client even though he
> can request that same ip address, he will not have network access, so
> long as the original holder of that ip address is online. (does that make
> any sense).
That should NEVER be allowed to happen! (For one thing, it is a security
problem, for another, it would throw your entire network into chaos, which
is exactly what you are seeing).
> But somehow, that user managed to override my servers internet address.
Again, this should not be allowed to happen!
> I also tried to duplicated the problem several times, with the normal
> result, I could not take the servers address, I was able to dial in, but
> had no network capabilities.
Perhaps the other person was using linux and not a win95 client? :-)
> So, what I am wondering, is what may have caused this, or how this may
> have happened. BTW, the dial up server is windowsNT v3.51 using standard
> microsoft remote access.
Sounds very much like a misconfigured or brain-dead PPP/NT server.
In fact, this is a winNT admin/security/bug problem, nothing to do with
linux per se. Nevertheless...
It seems that your NT server is allowing your PPP clients to ask for, and
get, specific IP addresses.
IP allocation to a dialup PPP client should be done either statically for
specific users, or (more usually) dynamically from a pool of IP addresses
used specifically for this purpose.
The PPP negotiation process provides for the capability of a client to ask
for a specific IP address. This should normally (always?) be refused by
the PPP server (unless the requested address is valid, available, and
allowed), which should give the client its IP address rather than let the
client take it.
(I'm no win95 guru, but I seem to recall that, unlike linux's pppd daemon,
you can't do that with its PPP client setup, so it is likely that a win95
client isn't doing this to you... more like a misconfigured linux-based
client).
I'm a self-confessed unix/linux geek, a little more familiar with NT4 than
NT3.51, and I'm not all that impressed with NT4. My advice is to remove
that NT3.51 piece of trash and install linux on it (or at the very least
upgrade to NT4/SP3 if you want to waste your money).
Setting up linux (from any standard distribution) to act as a well-behaved,
reliable and stable PPP server is not at all a difficult to do. (The PPP
HOWTO has the scoop about doing this - and many ISPs are using linux for
this purpose).
> Thanks in advance,
> and if I've boored anyone I apologize :)
Small point, but I just wish you had formatted your message into paragraphs
rather than lumping it all into one big block... it made for very difficult
reading...
Cheers
Tony
