[bit.listserv.ibmtcp-l] Confused/confusing VM TCP/IP

DBUECHNE@GTRI01.BITNET (Dave Buechner) (03/01/90)

On Mon, 26 Feb 90 11:20:14 EST Mike Hojnowski said:
>On Thu, 22 Feb 90 10:19:14 EST Paul Goodwin said:
>>We have also had an instance where a user started up a MACII and duplicated
>>our mainframe's IP address.  Apparently, the MAC sent out a message saying
>>'this is my IP address, and this is my ethernet address', which was picked up
>>by the big system.  It saw its own IP address, and updated the online version
>>of its ethernet address.
>
>This is one of the biggest security mistakes you can make.  If your IBM
>mainframe is used for anything you would consider "production", you should
>have it on a separate wire, isolated by a router.  Putting a mainframe on
>the same wire as a personal workstation is begging for security exposures and
>availability problems from mistakes like you experienced.
>

If only I had that much control over network policy around here it'd have been
done a long time ago!  :-|  For this to work we'd have to start sub-netting around
here as well, which has not been very popular with network policy makers in the
past.

>>Our 'fix' was to shutdown and re-ipl the TCP/IP account and reset our 8232.
>>
>>I am not sure if a fix is available for this; our solution was to tell the
>>MAC user not to do it again....  :-)
>
>The "fix" is to remove the mainframe from the same wire as users.  The
>"workaround" when this problem occurs again (and I'm sure it will), is to
>shoot the MAC user, remove his machine from the wire, then issue the
>OBEYFILE command with a profile which contains a single "translate"
>statement with no parameters.  This will cause the ARP cache in TCP/IP to
>be flushed, and you should be back online without shutting down TCPIP.
>

We discovered this later.  This does lead me to a further question though.  Is
there any way to dump the ARP cache so that you can see what it has in it?
This could be very helpful in instances such as these.

>Mike


Dave Buechner
Lead IBM Systems Programmer
Georgia Institute of Technology, Atlanta, GA, USA
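
The duplicate-address incident discussed in this thread, as an added example that is not part of the original posts: a passive check that decodes Ethernet/IPv4 ARP payloads and flags any packet binding a protected host's IP to an unexpected hardware address. The addresses, the `PROTECTED` table and the sample packets are constructed for illustration.

```python
import struct
from ipaddress import IPv4Address

# Constructed values for illustration (documentation address range, made-up MACs).
PROTECTED = {"192.0.2.10": "02:00:00:aa:bb:01"}   # host IP -> expected hardware address

ARP_FMT = "!HHBBH6s4s6s4s"   # RFC 826 layout for Ethernet/IPv4 (28 bytes)

def mac_str(raw):
    return ":".join(f"{b:02x}" for b in raw)

def parse_arp(payload):
    """Decode an Ethernet/IPv4 ARP payload; return None for anything else."""
    if len(payload) < struct.calcsize(ARP_FMT):
        return None
    htype, ptype, hlen, plen, op, sha, spa, tha, tpa = struct.unpack_from(ARP_FMT, payload)
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return None
    return {"op": op, "sender_mac": mac_str(sha), "sender_ip": str(IPv4Address(spa)),
            "target_ip": str(IPv4Address(tpa))}

def check(payloads, protected=PROTECTED):
    """Return alerts for ARP packets that bind a protected IP to an unexpected MAC."""
    alerts = []
    for n, payload in enumerate(payloads):
        arp = parse_arp(payload)
        if arp is None:
            continue
        expected = protected.get(arp["sender_ip"])
        if expected and arp["sender_mac"] != expected:
            # Sender IP == target IP is the "this is my address" announcement form.
            kind = "gratuitous" if arp["sender_ip"] == arp["target_ip"] else "ordinary"
            alerts.append((n, arp["sender_ip"], arp["sender_mac"], kind))
    return alerts

def build_arp(op, sender_mac, sender_ip, target_ip):
    """Build a constructed sample payload (bytes only, nothing is transmitted)."""
    return struct.pack(ARP_FMT, 1, 0x0800, 6, 4, op, bytes.fromhex(sender_mac.replace(":", "")),
                       IPv4Address(sender_ip).packed, bytes(6), IPv4Address(target_ip).packed)

SAMPLE = [
    build_arp(2, "02:00:00:aa:bb:01", "192.0.2.10", "192.0.2.1"),   # legitimate reply from the host
    build_arp(1, "02:00:00:cc:dd:02", "192.0.2.10", "192.0.2.10"),  # workstation announcing the host's IP
    build_arp(1, "02:00:00:cc:dd:03", "192.0.2.55", "192.0.2.10"),  # unrelated station asking for the host
]

if __name__ == "__main__":
    for alert in check(SAMPLE):
        print("ALERT packet %d: %s claimed by %s (%s ARP)" % alert)
```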