Re: Private LAN: why should the gateway address be at the low end of the range, rather than at the h

Discussion in 'Cisco' started by Ted Jones, Sep 26, 2005.

  1. Ted Jones

    Ted Jones Guest

    Walter Roberson wrote:
    > In article <>,
    > I'm Ted Jones Dammit!!! <-labs.net> wrote:
    > :I've been told, and it certainly seems to be convention, to assign the
    > :internal interface on the firewall (or router) an address that is low
    > :in the range. In a class C situation, the gateway address is often
    > :*.*.*.1 .
    >
    > :Why is this? What difference does it make if you use a different
    > :address in your private address range, such as 192.168.1.130, or
    > :192.168.1.254 ?
    >
    > :Does it really matter
    >
    > The only way in which it matters is that if one has a number
    > of subnets, it is easier to remember a convention about the
    > address than to remember an arbitrary address. Now, multiply
    > that by the number of people who might need to configure a
    > system for use on one of those subnets.

    Is it possible that it would make a difference under certain hardware
    platforms, such as CISCO? I've seen some strange things on CISCO
    networks. For instance, we had a bunch of systems at one site,
    configured with no default gateway, that got infected with a virus.
    They started spitting out virus traffic to the internet even though
    they had no configured gateway, or route set on the client.

    Ever seen anything like that?
     
    Ted Jones, Sep 26, 2005
    #1

  2. In article <>,
    "Ted Jones" <-labs.net> wrote:

    > Walter Roberson wrote:
    > > In article <>,
    > > I'm Ted Jones Dammit!!! <-labs.net> wrote:
    > > :I've been told, and it certainly seems to be convention, to assign the
    > > :internal interface on the firewall (or router) an address that is low
    > > :in the range. In a class C situation, the gateway address is often
    > > :*.*.*.1 .
    > >
    > > :Why is this? What difference does it make if you use a different
    > > :address in your private address range, such as 192.168.1.130, or
    > > :192.168.1.254 ?
    > >
    > > :Does it really matter
    > >
    > > The only way in which it matters is that if one has a number
    > > of subnets, it is easier to remember a convention about the
    > > address than to remember an arbitrary address. Now, multiply
    > > that by the number of people who might need to configure a
    > > system for use on one of those subnets.

    > Is it possible that it would make a difference under certain hardware
    > platforms, such as CISCO. I've seen some strange things on CISCO


    Nope, AFAIK Cisco has no special affinity for using .1 as the router
    address.

    > networks. For instance, we had a bunch of systems at one site,
    > configured with no default gateway, that got infected with a virus.
    > They started spitting out virus traffic to the internet even though
    > they had no configured gateway, or route set on the client.
    >
    > Ever seen anything like that?


    Cisco routers perform proxy ARP by default. So if a machine on the LAN
    doesn't have its default gateway set, and simply ARPs for everything,
    the router connected to the Internet will respond.

    --
    Barry Margolin,
    Arlington, MA
     
    Barry Margolin, Sep 27, 2005
    #2

  3. Ted Jones

    Dom Guest

    Without a route corresponding to the destination, for what IP would the
    client arp? If the virus simply sends frames to the network addressed to
    ff-ff-ff-ff-ff-ff, the router may route them, no? That is, unless the router
    refused to route frames addressed to the broadcast mac. I suppose access to
    raw sockets would be required, but I believe xp provided that access
    pre-sp2.
     
    Dom, Sep 27, 2005
    #3
  4. Ted Jones

    Guest

    In article <4338e16c$0$88081$>, "Dom" <dom@invalid> writes:
    > Without a route corresponding to the destination, for what IP would the
    > client arp?


    The destination address, of course.

    And if the router is doing proxy ARP, it can reply to this ARP request
    with its own MAC address. So the client will naturally forward the
    packet to the router. The router will then forward it toward the
    intended destination.

    John Briggs
     
    , Sep 27, 2005
    #4
  5. Ted Jones

    kymwak Guest

    The router will definitely listen to ffff.ffff.ffff.
    If proxy arp is on (ip proxy-arp is the command on the interface) then
    the router will respond to ARPs if the IP requested is actually out a
    different interface on the router. The router replies to the arp with
    the mac address of the LOCAL interface. The client then just sends the
    frame to the router and the router repackages it out the corresponding
    interface (it routes). Depending on client config, a client can arp
    almost anything.
     
    kymwak, Sep 27, 2005
    #5
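An added example, not part of any post in this thread: a check a defender can run over a Windows host's `arp -a` output to spot the proxy ARP behaviour described above, where one router MAC has answered for addresses outside the host's own subnet. The sample output, the MAC addresses (documentation range) and the function name `find_proxy_arp` are constructed for illustration, and the prefix length is supplied by the caller because `arp -a` does not print it.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample of Windows `arp -a` output from a host on 192.168.1.0/24
# that has resolved off-subnet destinations directly (no usable default gateway).
SAMPLE_ARP_A = """\
Interface: 192.168.1.50 --- 0x2
  Internet Address      Physical Address      Type
  192.168.1.1           00-00-5e-00-53-01     dynamic
  192.168.1.77          00-00-5e-00-53-4d     dynamic
  198.51.100.7          00-00-5e-00-53-01     dynamic
  203.0.113.20          00-00-5e-00-53-01     dynamic
  224.0.0.22            01-00-5e-00-00-16     static
  255.255.255.255       ff-ff-ff-ff-ff-ff     static
"""

IFACE_RE = re.compile(r"^Interface:\s+(\d+\.\d+\.\d+\.\d+)")
ENTRY_RE = re.compile(
    r"^\s+(\d+\.\d+\.\d+\.\d+)\s+([0-9a-fA-F]{2}(?:-[0-9a-fA-F]{2}){5})\s+(\w+)"
)

def find_proxy_arp(arp_output, prefix_len):
    """Return {mac: [ips]} for dynamic entries outside the interface's subnet."""
    hits = defaultdict(list)
    subnet = None
    for line in arp_output.splitlines():
        m = IFACE_RE.match(line)
        if m:
            # Derive the local subnet from the interface address and given prefix.
            subnet = ipaddress.ip_network(f"{m.group(1)}/{prefix_len}", strict=False)
            continue
        m = ENTRY_RE.match(line)
        if not m or subnet is None:
            continue
        ip = ipaddress.ip_address(m.group(1))
        mac, kind = m.group(2).lower(), m.group(3)
        # Static multicast/broadcast mappings are not learned from ARP replies.
        if kind != "dynamic":
            continue
        # An off-subnet IP with a learned MAC means something on the LAN
        # answered an ARP request on behalf of a remote address.
        if ip not in subnet:
            hits[mac].append(str(ip))
    return dict(hits)

if __name__ == "__main__":
    for mac, ips in find_proxy_arp(SAMPLE_ARP_A, 24).items():
        print(f"{mac} answered ARP for off-subnet addresses: {', '.join(ips)}")
```

A MAC that shows up here is a device answering ARP for remote addresses; on a Cisco router, `no ip proxy-arp` on the LAN-facing interface (the negation of the command named in the post above) turns that off.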
  6. Ted Jones

    Dom Guest

    I presume he was referring to Windows machines. I'm skeptical that Windows
    would arp for the destination IP for lack of a route. On that point, I'll
    have to perform some testing to confirm.
     
    Dom, Sep 28, 2005
    #6
  7. In article <4339feda$0$88064$>,
    Dom <dom@invalid> wrote:
    :I presume he was referring to Windows machines. I'm skeptical that Windows
    :would arp for the destination IP for lack of a route. On that point, I'll
    :have to perform some testing to confirm.

    Windows does do some unusual things in this regard. In particular,
    if your gateway is not in your subnet, Windows will arp all-networks
    and talk directly to the gateway without going through a router.

    It might perhaps do even more unusual things; I haven't tested for others.
    --
    I was very young in those days, but I was also rather dim.
    -- Christopher Priest
     
    Walter Roberson, Sep 28, 2005
    #7
  8. Ted Jones

    Billl George Guest

    On Windows, set your default gateway to the same IP as your IP address
    and it will use proxy arp for every destination.

    "Dom" <dom@invalid> wrote in message
    news:4339feda$0$88064$...
    >I presume he was referring to Windows machines. I'm skeptical that Windows
    >would arp for the destination IP for lack of a route. On that point, I'll
    >have to perform some testing to confirm.
    >
     
    Billl George, Sep 28, 2005
    #8
  9. Ted Jones

    Dom Guest

    Indeed, my research indicates that setting the IP and default gateway to the
    same address causes xpsp2 to arp for the destination IP.
     
    Dom, Sep 29, 2005
    #9
  10. Ted Jones

    Dom Guest

    I'm not sure what you mean by arp all-networks. When the IP and default
    gateway are in different networks on xpsp2, Windows arps for the default
    gateway and for lack of a response, does nothing further. I suppose Windows
    would not have arp'd for the address unless it intended to communicate.
     
    Dom, Sep 29, 2005
    #10
  11. Ted Jones

    Dom Guest

    My research indicates that for lack of a route on xpsp2, Windows arps for
    nothing. Again, I'm not sure to which client platform Ted was referring.
     
    Dom, Sep 29, 2005
    #11
  12. Re: Private LAN: why should the gateway address be at the low end of the range, rather than at the high end.

    Dom wrote:
    > Without a route corresponding to the destination, for what IP would the
    > client arp? If the virus simply sends frames to the network addressed to
    > ff-ff-ff-ff-ff-ff, the router may route them, no? That is, unless the router
    > refused to route frames addressed to the broadcast mac. I suppose access to
    > raw sockets would be required, but I believe xp provided that access
    > pre-sp2.
    >
    >

    Is it possible that a slightly intelligent Virus was listening to
    routing broadcasts by the router, like maybe the routers had RIP or
    EIGRP enabled and the Virus made use of that to find the gateway?

    Just a thought?

    Dennis
     
    Dennis Willson, Nov 4, 2005
    #12
