Review your favorite Linux distribution.
Go Back > Forums > Linux Forums > Linux - Security
User Name
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.


  Search this Thread
Old 12-22-2009, 02:35 PM   #1
Registered: Mar 2007
Posts: 303

Rep: Reputation: 16

I had three linux (one 32 bit: the other two and 64 bit) machines on a router with dynamic dhcp. The router (Zyxel) assigns ip addresses based on mac address.It always run perfectly, slogin and ssh, both in between the three machine or outside mainframes.

Recently I gave hospitality to a Windows 2000 machine, which could reach internet and could be seen on the internal network. It gave me no major problems, except for inducing changes in the internal ip addresses according to which machine was started first.

Now the Windows 2000 machine has taken the ip address of the 32 bit linux machine, which was left with the former ip address of the Windows 2000 machine. slogin to finds no route, while

francesco@tya64:~$ slogin
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that the RSA host key has just been changed.
The fingerprint for the RSA key sent by the remote host is
Please contact your system administrator.
Add correct host key in /home/francesco/.ssh/known_hosts to get rid of this message.
Offending key in /home/francesco/.ssh/known_hosts:1
RSA host key for has changed and you have requested strict checking.
Host key verification failed.

Although the modem did not allow me to change the ip address of the intruding Windows 2000 machine, I understand the message (I should think behind, because I interconnected the machines long ago). However, how to prevent the Windows 2000 machine to intrude once the network is put in order? You should assume that I can't give the Windows 2000 machine a farewell.

Thanks for help
francesco pietra
Old 12-22-2009, 03:10 PM   #2
Senior Member
Registered: Aug 2009
Posts: 3,790

Rep: Reputation: 653Reputation: 653Reputation: 653Reputation: 653Reputation: 653Reputation: 653
If you set dhcp reservations on your router this problem shouldn't have occurred, unless I'm misunderstanding what you are saying.

I would either set static ip addresses or use dhcp reservations, then remove the offending key from known_hosts once you are sure you're connecting to the correct machine

Old 12-22-2009, 03:11 PM   #3
Senior Member
Registered: Dec 2008
Location: Louisville, OH
Distribution: Debian, CentOS, Slackware, RHEL, Gentoo
Posts: 1,833

Rep: Reputation: 167Reputation: 167
Remove line 1 from /home/francesco/.ssh/known_hosts and then verify that nothing nefarious has really happened (after removing it, you'll be able to ssh to it again.)
Old 12-24-2009, 02:29 AM   #4
Registered: Mar 2007
Posts: 303

Original Poster
Rep: Reputation: 16
Originally Posted by rweaver View Post
Remove line 1 from /home/francesco/.ssh/known_hosts and then verify that nothing nefarious has really happened (after removing it, you'll be able to ssh to it again.)
Thanks, also to previous subscriber. Removed the 1st line as you suggested from the 64bit machine which found difficulties in connecting to the 32bit machine, everything run fine among all three machines. All that in spite of a wrong situation as viewed from AdvancedSetup ... Network ....LAN ...ClientList as concerns the "ligth-on" machines

1 ligth-on 00:02:44:A8:E9E Reserve OK (deb32)

2 ligth-on 00:30:48:57O:76 Reserve NO (deb64)

3 ligth-on 00:E0:81:571:BB Reserve OK (tya64)

4 ligth-on 00:30:48:57O:76 Reserve NO (Windows 2000)

As you can see, the Win 2000 machine has the MAC address of deb64. If I detach the Win 2000 machine from the router, line 4 above disappears. Reconnecting Win 2000 to the modem, only the three linux machines are "lighth-on".

I tried unsuccessfully to modify "Reserve" from the router. Also, I found no way to either reserving dhcp or setting static ip addresses. In my hands, the ip addresses are assigned by the router. I must recall that I have dynamic dhcp. If I go to

AdvancedSetup ... Network .. LAN ... DHCP-Setup, what is sees is

that the IP pool address is to (deb32).

If I go to AdvancedSetup ... Network .. LAN ...IP, what is seen is:

IP adress (which is the one of the modem).

Well, probably I always had this situation.Now I am able to talk from one machine to another one. Sorry from being unable to do better.


Old 12-25-2009, 07:12 AM   #5
LQ Guru
Registered: Aug 2001
Location: Fargo, ND
Distribution: SuSE AMD64
Posts: 15,733

Rep: Reputation: 681Reputation: 681Reputation: 681Reputation: 681Reputation: 681Reputation: 681
Moved: This thread is more suitable in Security and has been moved accordingly to help your question get the exposure it deserves.


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off

Similar Threads
Thread Thread Starter Forum Replies Last Post
[SOLVED] Can encryption beat a man-in-the-middle attack? Ulysses_ Linux - Security 6 11-23-2009 05:07 AM
"Man in the middle attack" works against mix network? How to prevent? argh2xxx Linux - Security 6 09-28-2008 03:39 AM
man in the middle attack atul_mehrotra Programming 12 09-22-2004 11:48 AM
man in the middle attack atul_mehrotra Linux - Security 4 09-22-2004 09:02 AM
Man in the middle attack juanb Linux - Security 17 03-29-2004 01:03 PM > Forums > Linux Forums > Linux - Security

All times are GMT -5. The time now is 06:33 AM.

Main Menu
Write for LQ is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration