Path: utzoo!utgpu!CUNYVM!IBMTCP-L
Date: Mon, 26 Feb 90 11:20:14 EST
Reply-To: IBM TCP/IP For VM List
Sender: IBM TCP/IP For VM List
From: Mike Hojnowski
Subject: Re: Confused/confusing VM TCP/IP
To: UofToronto LAN redistribution
References: Message of Thu, 22 Feb 90 10:19:14 EST from
Message-ID: <90Feb26.123451est.58118@ugw.utcs.utoronto.ca>
Newsgroups: list.ibmtcp-l
Distribution: ut
Approved: devnull@gpu.utcs.toronto.edu

On Thu, 22 Feb 90 10:19:14 EST Paul Goodwin said:
>We have also had an instance where a user started up a MACII and duplicated
>our mainframe's IP address. Apparently, the MAC sent out a message saying
>'this is my IP address, and this is my ethernet address', which was picked up
>by the big system. It saw its own IP address, and updated the online version
>of its ethernet address.

This is one of the biggest security mistakes you can make. If your IBM
mainframe is used for anything you would consider "production", you should
have it on a separate wire, isolated by a router. Putting a mainframe on the
same wire as a personal workstation is begging for security exposures and
availability problems from mistakes like you experienced.

>Our 'fix' was to shut down and re-ipl the TCP/IP account and reset our 8232.
>
>I am not sure if a fix is available for this; our solution was to tell the
>MAC user not to do it again.... :-)

The "fix" is to remove the mainframe from the same wire as users. The
"workaround" when this problem occurs again (and I'm sure it will), is to
shoot the MAC user, remove his machine from the wire, then issue the OBEYFILE
command with a profile which contains a single "translate" statement with no
parameters. This will cause the ARP cache in TCP/IP to be flushed, and you
should be back online without shutting down TCPIP.

Mike
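
A passive check for the failure described in this thread, added here as an example and not part of the original post: it parses Ethernet ARP frames and alerts when any sender claims a protected IP address from a hardware address other than the expected one. The addresses, frame bytes and function names are constructed for illustration.

```python
import struct

ETHERTYPE_ARP = 0x0806

def parse_arp(frame):
    """Return (sender_mac, sender_ip, target_ip, opcode) for an Ethernet/IPv4 ARP frame, else None."""
    if len(frame) < 42 or frame[12:14] != struct.pack("!H", ETHERTYPE_ARP):
        return None  # truncated frame or not ARP
    htype, ptype, hlen, plen, oper = struct.unpack("!HHBBH", frame[14:22])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return None  # not Ethernet hardware / IPv4 protocol addresses
    sha, spa, _tha, tpa = struct.unpack("!6s4s6s4s", frame[22:42])
    return sha.hex(":"), ".".join(map(str, spa)), ".".join(map(str, tpa)), oper

def check_frames(frames, protected):
    """protected maps an IP to the only MAC allowed to claim it; returns a list of alerts."""
    alerts = []
    for n, frame in enumerate(frames):
        arp = parse_arp(frame)
        if arp is None:
            continue
        mac, sip, tip, oper = arp
        expected = protected.get(sip)
        if expected is not None and mac != expected.lower():
            # Sender IP equal to target IP is an announcement of the sender's own binding.
            kind = "gratuitous" if sip == tip else ("request" if oper == 1 else "reply")
            alerts.append((n, sip, mac, kind))
    return alerts

def build_arp(src_mac, src_ip, dst_ip, oper=1):
    """Helper that builds a broadcast ARP frame for the constructed sample below."""
    mac = bytes.fromhex(src_mac.replace(":", ""))
    ip = lambda s: bytes(int(x) for x in s.split("."))
    eth = b"\xff" * 6 + mac + struct.pack("!H", ETHERTYPE_ARP)
    arp = struct.pack("!HHBBH", 1, 0x0800, 6, 4, oper) + mac + ip(src_ip) + b"\x00" * 6 + ip(dst_ip)
    return eth + arp

# Constructed sample: 192.0.2.10 stands in for the mainframe, ...:99 for the workstation.
PROTECTED = {"192.0.2.10": "02:00:00:00:00:01"}
SAMPLE_FRAMES = [
    build_arp("02:00:00:00:00:01", "192.0.2.10", "192.0.2.1"),   # mainframe, legitimate
    build_arp("02:00:00:00:00:99", "192.0.2.50", "192.0.2.1"),   # workstation, own address
    build_arp("02:00:00:00:00:99", "192.0.2.10", "192.0.2.10"),  # workstation claims mainframe IP
    b"\x00" * 10,                                                # truncated frame, ignored
]

if __name__ == "__main__":
    for alert in check_frames(SAMPLE_FRAMES, PROTECTED):
        print("ARP binding conflict: frame %d claims %s from %s (%s)" % alert)
```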