Date: Fri, 25 Feb 2000 13:09:39 -0500 (EST) From: "Richard B. Johnson" <root@chaos.analogic.com> To: Linux kernel <linux-kernel@vger.rutgers.edu> Subject: How to survive in a Micro$oft environment?? Alexy and other network gurus; When Linux network comes up during boot. I get a number of "invalid ICMP error to a broadcast" messages from the M$GARBAGE machines. These persist until I get to turn OFF the messages in /etc/rc.d/rc.local: echo "1" >/proc/sys/net/ipv4/icmp_ignore_bogus_error_responses [Snipped `dmesg`] scsi0: Tagged Queuing now active for Target 0 3c59x.c:v0.99H 11/17/98 Donald Becker http://cesdis.gsfc.nasa.gov/linux/drivers/vortex.html eth0: 3Com 3c905B Cyclone 100baseTx at 0xd000, 00:50:da:19:7a:7d, IRQ 10 8K byte-wide RAM 5:3 Rx:Tx split, autoselect/Autonegotiate interface. MII transceiver found at address 24, status 782d. Enabling bus-master transmits and whole-frame receives. 10.100.20.51 sent an invalid ICMP error to a broadcast. 10.100.20.46 sent an invalid ICMP error to a broadcast. 10.100.20.39 sent an invalid ICMP error to a broadcast. 10.100.20.61 sent an invalid ICMP error to a broadcast. 10.100.20.29 sent an invalid ICMP error to a broadcast. 10.100.20.79 sent an invalid ICMP error to a broadcast. 10.100.30.5 sent an invalid ICMP error to a broadcast. 10.100.20.16 sent an invalid ICMP error to a broadcast. 10.100.30.6 sent an invalid ICMP error to a broadcast. 10.100.20.37 sent an invalid ICMP error to a broadcast. VFS: Disk change detected on device fd(2,0) VFS: Disk change detected on device fd(2,0) If a M$GARBAGE server is coming on-line at this time, probable because they crash often, they report that my machine is using their IP address so they fail to start their network. We have so-called documentation, provided by so-called network experts that "prove" that my machines are "hurting" the M$GARBAGE network. They have logged the specific hardware address (MAC) of my machine(s) and declare that my machines must be eliminated from the network to "assure the correct functionality of the important Win/NT Servers..." My machines are on an entirely different network, 204.178.40.0, with a netmask of 255.255.248.0, (x.x.40.1 -> x.x.47.254), broadcast is at 204.178.47.255. They share the same physical link (fiber and 100-base). These numbers are real. Our connection to the outside world is a Cisco that filters stuff, so no need to try to hack. There are a few machines that are visible for ftp, but there are no ports available for interactive stuff. Of course the M$GARBAGE is bullshit. However, how can I prevent the M$GARBAGE machines from "thinking" I am stealing their IP addresses? I think M$GARBAGE machines, upon startup, send an ICMP to the network address and "listen" for their IP. This, after setting their IP address to 0.0.0.1 and their network address to 0.0.0.0. This is what they "seem" to be doing upon startup from what I can "sniff". I can't see everything because the "smart switches" prevent me from seeing very much. Maybe there is someway to filter Linux machines against this intrusion? Nobody is suppose to be pinging the network address or the broadcast address anyway. Cheers, Dick Johnson Penguin : Linux version 2.3.41 on an i686 machine (800.63 BogoMips). - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.rutgers.edu Please read the FAQ at http://www.tux.org/lkml/