[GTALUG] Ethernet alias triggering network security warnings

Giles Orr gilesorr at gmail.com
Thu Apr 28 11:47:00 EDT 2022 

On Wed, 27 Apr 2022 at 22:26, Kevin Cozens via talk <talk at gtalug.org> wrote:
> I am using an embedded system that is running a version of an Ubuntu distro.
> The embedded system is being set up so that the physical Ethernet port will
> have two aliases. One is eth0:0 and the other is eth0:1.
>
> eth0:0 is set to get an IP address via DHCP when a network cable is plugged
> in (assuming a DHCP server is available). The eth0:1 is set to have a static
> IP address. This allows an installer to connect a laptop to the system and
> do some onsite configuration (setting WiFi parameters).
>
> The network settings I'm using are:
>    auto eth0:0
>    iface eth0:0 inet static
>    address 192.168.100.110
>    netmask 255.255.255.0
>    gateway 192.168.100.1
>
>    auto eth0:1
>    allow-hotplug eth0:1
>    iface eth0:1 inet dhcp
>
> This was working at one point but lately a Windows machine on the network
> will start complaining either about possible ARP poisoning or it will say
> there is a duplicate IP address. The program on the Windows box reporting
> the problem is esset Internet Security. I know nothing about the program. It
> is on the machine of the person preparing boxes to be sent out in to the field.
>
> When I check the system that seems to have triggered the duplicate IP
> address warning I see no duplication. I have checked all the MAC addresses,
> inet v4 and inet v6 IP addresses listed by the ifconfig program.
>
> Does anyone on this list know anything about that security program or why
> the person setting up the embedded systems would be seeing the duplicate IP
> warnings?

Most DHCP servers I've used on the 192.168.N.* tend to be set up to
assign numbers in the 100-254 range.  Choosing "110" as your number
puts it in that range, and unless you explicitly told the DHCP server
that 110 is off bounds, it may assign it to another machine as well.
That would cause collisions, and all kinds of unhappiness.  Notice
that 1-99 aren't usually used by the DHCP server, and so are available
for use as static addresses.  This is of course dependent on the setup
of your DHCP server, you should take a look at its setup.

-- 
Giles
https://www.gilesorr.com/
gilesorr at gmail.com

More information about the talk mailing list