Velocity Reviews - Computer Hardware Reviews

Velocity Reviews > Newsgroups > Computing > Cisco > Cisco router spoofing?

Reply
Thread Tools

Cisco router spoofing?

 
 
Mark
Guest
Posts: n/a
 
      07-17-2003
Last night I had the gateway router take over the IP address for one
of my servers. I identified the router as the problem when I started a
server reboot and was still able to ping the IP address. Checking the
arp table on another machine revealed that it was the router
responding rather than the server. I looked throught the NAT
tranlation table and didn't see anything that could account for this
behavior. After reloading the router everything returned to normal.

I would like to make sure it dosn't happen again since I am not fond
of getting up at 3:00am to reload the router. Does anyone have a clue
about what I should be looking for?

It is a 1605R router using 12.0(7)T2 IOS cisco
c1600-oy-mz.120-7.T2.bin
 
Reply With Quote
 
 
 
 
Paul
Guest
Posts: n/a
 
      07-17-2003
Maybe the router thought the IP address was on another subnet attached to a
different segment of the network...


"Mark" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed) om...
> Last night I had the gateway router take over the IP address for one
> of my servers. I identified the router as the problem when I started a
> server reboot and was still able to ping the IP address. Checking the
> arp table on another machine revealed that it was the router
> responding rather than the server. I looked throught the NAT
> tranlation table and didn't see anything that could account for this
> behavior. After reloading the router everything returned to normal.
>
> I would like to make sure it dosn't happen again since I am not fond
> of getting up at 3:00am to reload the router. Does anyone have a clue
> about what I should be looking for?
>
> It is a 1605R router using 12.0(7)T2 IOS cisco
> c1600-oy-mz.120-7.T2.bin



 
Reply With Quote
 
 
 
 
Mark
Guest
Posts: n/a
 
      07-17-2003
"Paul" <p a u l a t d a l l a s m a v s d o t n e t> wrote in message news:<3f16e534$(E-Mail Removed)>...
> Maybe the router thought the IP address was on another subnet attached to a
> different segment of the network...
>
>
> "Mark" <(E-Mail Removed)> wrote in message
> news:(E-Mail Removed) om...
> > Last night I had the gateway router take over the IP address for one
> > of my servers. I identified the router as the problem when I started a
> > server reboot and was still able to ping the IP address. Checking the
> > arp table on another machine revealed that it was the router
> > responding rather than the server. I looked throught the NAT
> > tranlation table and didn't see anything that could account for this
> > behavior. After reloading the router everything returned to normal.
> >
> > I would like to make sure it dosn't happen again since I am not fond
> > of getting up at 3:00am to reload the router. Does anyone have a clue
> > about what I should be looking for?
> >
> > It is a 1605R router using 12.0(7)T2 IOS cisco
> > c1600-oy-mz.120-7.T2.bin


The router is the gateway for the host it was spoofing so it's routing
tables would show the subnet directly connected to the ethernet port.
 
Reply With Quote
 
Hapee
Guest
Posts: n/a
 
      07-17-2003

"Mark" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed) om...
> "Paul" <p a u l a t d a l l a s m a v s d o t n e t> wrote in message

news:<3f16e534$(E-Mail Removed)>...
> > Maybe the router thought the IP address was on another subnet attached

to a
> > different segment of the network...
> >
> >
> > "Mark" <(E-Mail Removed)> wrote in message
> > news:(E-Mail Removed) om...
> > > Last night I had the gateway router take over the IP address for one
> > > of my servers. I identified the router as the problem when I started a
> > > server reboot and was still able to ping the IP address. Checking the
> > > arp table on another machine revealed that it was the router
> > > responding rather than the server. I looked throught the NAT
> > > tranlation table and didn't see anything that could account for this
> > > behavior. After reloading the router everything returned to normal.
> > >
> > > I would like to make sure it dosn't happen again since I am not fond
> > > of getting up at 3:00am to reload the router. Does anyone have a clue
> > > about what I should be looking for?
> > >
> > > It is a 1605R router using 12.0(7)T2 IOS cisco
> > > c1600-oy-mz.120-7.T2.bin

>
> The router is the gateway for the host it was spoofing so it's routing
> tables would show the subnet directly connected to the ethernet port.



 
Reply With Quote
 
Hapee
Guest
Posts: n/a
 
      07-17-2003

"Mark" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed) om...
> "Paul" <p a u l a t d a l l a s m a v s d o t n e t> wrote in message

news:<3f16e534$(E-Mail Removed)>...
> > Maybe the router thought the IP address was on another subnet attached

to a
> > different segment of the network...
> >
> >
> > "Mark" <(E-Mail Removed)> wrote in message
> > news:(E-Mail Removed) om...
> > > Last night I had the gateway router take over the IP address for one
> > > of my servers. I identified the router as the problem when I started a
> > > server reboot and was still able to ping the IP address. Checking the
> > > arp table on another machine revealed that it was the router
> > > responding rather than the server. I looked throught the NAT
> > > tranlation table and didn't see anything that could account for this
> > > behavior. After reloading the router everything returned to normal.
> > >
> > > I would like to make sure it dosn't happen again since I am not fond
> > > of getting up at 3:00am to reload the router. Does anyone have a clue
> > > about what I should be looking for?
> > >
> > > It is a 1605R router using 12.0(7)T2 IOS cisco
> > > c1600-oy-mz.120-7.T2.bin

>
> The router is the gateway for the host it was spoofing so it's routing
> tables would show the subnet directly connected to the ethernet port.


Try disabling proxy arp?




 
Reply With Quote
 
David Wolfenbarger
Guest
Posts: n/a
 
      07-18-2003

It sounds like some type of proxy arp issue. Since proxy arp is on by default
you may try 'no ip-proxy arp' on your Ethernet interface. If you are doing any
dot1q or ISL trunking, and have sub-interfaces, I believe you will also need to
issue the same command on the sub.

David Wolfenbarger
----------
http://www.velocityreviews.com/forums/(E-Mail Removed) (Mark) wrote...

> Last night I had the gateway router take over the IP address for one
> of my servers. I identified the router as the problem when I started a
> server reboot and was still able to ping the IP address. Checking the
> arp table on another machine revealed that it was the router
> responding rather than the server. I looked throught the NAT
> tranlation table and didn't see anything that could account for this
> behavior. After reloading the router everything returned to normal.
>
> I would like to make sure it dosn't happen again since I am not fond
> of getting up at 3:00am to reload the router. Does anyone have a clue
> about what I should be looking for?
>
> It is a 1605R router using 12.0(7)T2 IOS cisco
> c1600-oy-mz.120-7.T2.bin


 
Reply With Quote
 
Mark
Guest
Posts: n/a
 
      07-21-2003
Disabled the proxy arp on Friday but it did the same thing again this morning.



David Wolfenbarger <dwolfenbarger at remove_me_no_spam_excite dot com> wrote in message news:<(E-Mail Removed)>...
> It sounds like some type of proxy arp issue. Since proxy arp is on by default
> you may try 'no ip-proxy arp' on your Ethernet interface. If you are doing any
> dot1q or ISL trunking, and have sub-interfaces, I believe you will also need to
> issue the same command on the sub.
>
> David Wolfenbarger
> ----------
> (E-Mail Removed) (Mark) wrote...
>
> > Last night I had the gateway router take over the IP address for one
> > of my servers. I identified the router as the problem when I started a
> > server reboot and was still able to ping the IP address. Checking the
> > arp table on another machine revealed that it was the router
> > responding rather than the server. I looked throught the NAT
> > tranlation table and didn't see anything that could account for this
> > behavior. After reloading the router everything returned to normal.
> >
> > I would like to make sure it dosn't happen again since I am not fond
> > of getting up at 3:00am to reload the router. Does anyone have a clue
> > about what I should be looking for?
> >
> > It is a 1605R router using 12.0(7)T2 IOS cisco
> > c1600-oy-mz.120-7.T2.bin

 
Reply With Quote
 
 
 
Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Using Cisco EZVpn together with router-to-router IPSEC config elixxir Cisco 2 08-21-2006 01:25 PM
Cisco 1750 Router Cisco QoS Device Manager Cisco VPN Device Manager Rene Kuhn Cisco 0 12-28-2005 08:45 PM
Setting up a router with 29 Global IPs, BUT can't ping router internal interface from server or server interface from router war_wheelan@yahoo.com Cisco 1 12-14-2005 03:31 PM
ReQ; Help having problem with cisco router 1602R the Lan part works cannot log on to configure so PC can access internet, router connects to T1 line thier is an alarm light on anyone can help smokin@aol.com Computer Support 4 10-30-2004 06:06 AM
Slow Internet file download using Cisco Router 1710 + PCI broadband router Sam Cisco 6 12-29-2003 02:51 PM



Advertisments