[c-nsp] How they do that?
Tuc at T-B-O-H.NET
ml at t-b-o-h.net
Tue Sep 2 09:38:28 EDT 2008
Hi,
Not a Cisco specific question, but thought this group
would have the best insight.
After 10 hours on the road, I'm more dopey than usual. Pull
into a Marriott, and of course the first thing I do is hook the laptop
up. Normally, during the FreeBSD boot process I stop it and switch the
config over from a hardcoded IP/gateway (For use at home/office... I
need to be DMZ'd for somet things, so the IP is static) to DHCP. Wasn't
thinking straight and let it boot.
Oddly, it resolved all my NTP servers, but then couldn't sync
NTP time. Weird. My browser autostarts when I bring up X, and all of a
sudden its on the Marriott site and asking me to validate I really want
to use the net for free. I click it, and I'm good to go.
So, I wonder if I just happen to use the same range, and oddly
the same gateway (Non standard) as the hotel. I don't think anything of
it.
I go to dinner, come back, and notice on my console its
complaining :
Sep 2 09:12:58 himinbjorg kernel: Sep 2 09:12:58 himinbjorg kernel: arplookup 192.168.50.1 failed: host is not on local network
I do a tcpdump and notice all sorts of IPs being handled by the
192.168.50.1 .... 10.'s, 172.'s, etc. I even see :
09:32:49.870101 CDPv2, ttl: 180s, Device-ID 'SW1_MDF', length 351
So how is this possible? Is there a protocol or something I
haven't heard of? How would it know where my default gateway is?
(Maybe just reply to every ARP with the 192.168.50.1 address? Sorta
looks it.. I just ping'd something that doesn't exist, and got :
? (192.168.3.23) at 00:08:02:3e:b3:0f on xl0 [ethernet]
Oddly an entry for 192.168.3.1 exists, which I would never
ping for. Guess it tried to force a gateway on me. :)
Then maybe when it gets a packet, it inspects it. If it is
going to a real net address it plays gateway, if it isn't it just drops
it?
Thanks, Tuc
Thanks, Tuc
More information about the cisco-nsp
mailing list