[nSLUG] Problems with Eastlink Hosting Multiple IPs on One Network Interface

Jim Campbell jim at jcampbell.ca
Tue Nov 15 11:18:19 AST 2005


Dop Ganger wrote:
> On Mon, 14 Nov 2005, Jim Campbell wrote:
>
>> I would be interested in hearing reports from anybody else out there 
>> with a similar network arrangement (Linux 2.4 kernel aliasing static 
>> IPs) with Eastlink. Does it work for you?
>
> I have a data connection from Eastlink over fibre at the office with a 
> machine running a 2.4 kernel with 10 aliased IPs without any problem. 
> However, it's not doing NAT. Running tcpdump on the connection shows 
> next to no ARP traffic - just local traffic from the router. On my 
> machine at home on a regular cable connection, there's floods of ARP 
> traffic. I believe this is mostly down to worm traffic - Eastlink and 
> Aliant are both infested with worms that are trying to infect local 
> machines.
>
> The Cyberguard appliance should be ignoring any arps unless they're 
> explicitly directed to its IP address. My suspicion is that the 
> Eastlink routers are being overloaded by the amount of arp traffic,
Interesting theory. There are indeed a large number of ARP packets 
flying around from the Eastlink . The only ARP traffic on my subnet 
however is the Cyberguard doing a "arp who-has" for the router IP and 
receiving a response every 30 seconds or so.
>
> shows what looks like pretty much entirely routers (tell *.*.*.1) 
> apart from a few misconfigured firewalls (192.168.*.*). This has been 
> going on for quite a while, but increasing worm activity has probably 
> started to overload the routers. Checking my logs, 64 Eastlink IP 
> addresses (24.222.0.0) tried to attack the server on known worm ports 
> yesterday. Consider that these 64 machines are running pretty much 
> non-stop trying to infect other machines, and there is the probable 
> cause of all the ARP requests.
According to Eastlink techsupport each cable modem has a private IP 
which is used for network management purposes--this may explain some of 
the 192.168. stuff. I know the first hop from my Eastlink modem at home 
is 10.6.x.y

Jim
> _______________________________________________
> nSLUG mailing list
> nSLUG at nslug.ns.ca
> http://nslug.ns.ca/cgi-bin/mailman/listinfo/nslug
>
> 
>


!DSPAM:4379fc48140821470688634!




More information about the nSLUG mailing list