Richard,
We are looking at this from the M$GARBAGE side of the world. The
problem is related to Microsoft's implementation of DHCP and whether or
not you have a Microsoft DHCP or WINS server on your network, The data
being returned to Linux is causing severe network problems, incluing
DHCP broadcast storms. Caldera's LIZARD utility gets into a state
whereby it starts flooding the network with DHCP broadcasts that will
crash local and remote networks (we have brought down our T1 with US
WEST twice this week). I am running TCPDUMP and trapping the garbage
packets so we can determine why Linux is doing this. This looks like a
Linux problem, since Linux is the one trashing the network and
generating the Broadcast storms. Andy Bradford and Mark Oberg at
Caldera are looking at this right now with us. I'll update the list
when we find out why Linux and Windows NT DHCP don't play well together.
We have also seen the ICMP problem as well, and both appear to be
related to a Linux server asking a Microsoft DHCP server for an
address. I will post the TCPDUMP file to whomever owns this problem in
Linux.
Jeff
"Richard B. Johnson" wrote:
>
> Alexy and other network gurus;
>
> When Linux network comes up during boot. I get a number of
> "invalid ICMP error to a broadcast" messages from the M$GARBAGE
> machines. These persist until I get to turn OFF the messages in
> /etc/rc.d/rc.local:
> echo "1" >/proc/sys/net/ipv4/icmp_ignore_bogus_error_responses
>
> [Snipped `dmesg`]
>
> scsi0: Tagged Queuing now active for Target 0
> 3c59x.c:v0.99H 11/17/98 Donald Becker http://cesdis.gsfc.nasa.gov/linux/drivers/vortex.html
> eth0: 3Com 3c905B Cyclone 100baseTx at 0xd000, 00:50:da:19:7a:7d, IRQ 10
> 8K byte-wide RAM 5:3 Rx:Tx split, autoselect/Autonegotiate interface.
> MII transceiver found at address 24, status 782d.
> Enabling bus-master transmits and whole-frame receives.
> 10.100.20.51 sent an invalid ICMP error to a broadcast.
> 10.100.20.46 sent an invalid ICMP error to a broadcast.
> 10.100.20.39 sent an invalid ICMP error to a broadcast.
> 10.100.20.61 sent an invalid ICMP error to a broadcast.
> 10.100.20.29 sent an invalid ICMP error to a broadcast.
> 10.100.20.79 sent an invalid ICMP error to a broadcast.
> 10.100.30.5 sent an invalid ICMP error to a broadcast.
> 10.100.20.16 sent an invalid ICMP error to a broadcast.
> 10.100.30.6 sent an invalid ICMP error to a broadcast.
> 10.100.20.37 sent an invalid ICMP error to a broadcast.
> VFS: Disk change detected on device fd(2,0)
> VFS: Disk change detected on device fd(2,0)
>
> If a M$GARBAGE server is coming on-line at this time, probable
> because they crash often, they report that my machine is using
> their IP address so they fail to start their network. We have
> so-called documentation, provided by so-called network experts
> that "prove" that my machines are "hurting" the M$GARBAGE network.
>
> They have logged the specific hardware address (MAC) of my
> machine(s) and declare that my machines must be eliminated
> from the network to "assure the correct functionality of
> the important Win/NT Servers..."
>
> My machines are on an entirely different network, 204.178.40.0,
> with a netmask of 255.255.248.0, (x.x.40.1 -> x.x.47.254),
> broadcast is at 204.178.47.255. They share the same physical
> link (fiber and 100-base).
>
> These numbers are real. Our connection to the outside world
> is a Cisco that filters stuff, so no need to try to hack. There
> are a few machines that are visible for ftp, but there are no
> ports available for interactive stuff.
>
> Of course the M$GARBAGE is bullshit. However, how can I prevent
> the M$GARBAGE machines from "thinking" I am stealing their IP
> addresses?
>
> I think M$GARBAGE machines, upon startup, send an ICMP to the
> network address and "listen" for their IP. This, after setting
> their IP address to 0.0.0.1 and their network address to 0.0.0.0.
> This is what they "seem" to be doing upon startup from what I
> can "sniff". I can't see everything because the "smart switches"
> prevent me from seeing very much.
>
> Maybe there is someway to filter Linux machines against this intrusion?
> Nobody is suppose to be pinging the network address or the broadcast
> address anyway.
>
> Cheers,
> Dick Johnson
>
> Penguin : Linux version 2.3.41 on an i686 machine (800.63 BogoMips).
>
> -
> To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
> the body of a message to majordomo@vger.rutgers.edu
> Please read the FAQ at http://www.tux.org/lkml/
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu
Please read the FAQ at http://www.tux.org/lkml/
This archive was generated by hypermail 2b29 : Tue Feb 29 2000 - 21:00:13 EST