[781] in resnet

home help back first fref pref prev next nref lref last post

Rerouting of ResNet traffic

daemon@ATHENA.MIT.EDU (Randall Watanabe)
Wed Feb 6 22:51:54 2002

MIME-version: 1.0
Content-type: text/plain; charset=iso-8859-1
Content-transfer-encoding: 7bit
Message-ID:  <NDBBIGEEGLOCOICPMEGIAEKJCHAA.randallw@hawaii.edu>
Date:         Wed, 6 Feb 2002 17:26:13 -1000
Reply-To: Resnet Forum <RESNET-L@listserv.nd.edu>
From: Randall Watanabe <randallw@HAWAII.EDU>
To: RESNET-L@listserv.nd.edu
In-Reply-To:  <EF6375215231544B87FD58A965410B8A96560C@exchange.housing.ucsb.edu>

Ran into a strange problem yesterday and I am appealing to this group for
some help...

Long story short, basically one of the residents on our network appears to
have had all of our traffic getting routed to him before passing along to
our "real" router.  We noticed this when tracerts from several ResNet
computers were getting routed to one of our DHCP assigned addresses before
hitting the router.  Occasionally, the tracert would show it passing through
the real routers IP address twice before moving along.

When we disconnected the port we tracked the problem to, we lost all
connectivity for a short period then everything went back to normal.  I'm
thinking that somehow the resident had setup a router with the IP of our
real router, but my big question is if it was an intentional malicious act
(perhaps to sniff packets) or if it could have conceivably been an accident.

If anyone has had any kind of experiences like this or may know of how it
happened, I'd really appreciate it.  For the sake of brevity I omitted a lot
of details but can provide them if they are relevant.  Thanks!

Randall Watanabe
Resnet Computer Specialist
UH Student Housing Services
randallw@hawaii.edu

___________________________________________________
You are subscribed to the ResNet-L mailing list.

To subscribe, unsubscribe or search the archives,
go to http://LISTSERV.ND.EDU/archives/resnet-l.html
___________________________________________________

home help back first fref pref prev next nref lref last post