LinuxQuestions.org
Old 02-06-2023, 11:51 PM   #1
des_a
Member
 
Registered: Sep 2006
Posts: 983
Blog Entries: 37

Rep: Reputation: 23
Man in the Middle Attack? And How to Stop It


Please help me ASAP. I think I'm suffering from a man in the middle attack or some other network abuse. I don't think I configured the network wrong...

Here's the situation:

I have a server, with an IP. It's running Windows 10, and called filesrv. I also have a machine called rasperrypisvr, with a different IP. When I try to vnc to filesrv, I get rasperrypisvr, instead! All of rasperrypisrv's IPs, work fine, as expected.

I already tried to check the DHCP server, which looks OK, and then I checked the arp table. Looks like no issues there, either. I guess I'll try to reboot the machines as well, and let you know how it works.
 
Old 02-07-2023, 12:04 AM   #2
des_a
Member
 
Registered: Sep 2006
Posts: 983

Original Poster
Blog Entries: 37

Rep: Reputation: 23
Nice! Rebooting both machines, solved the problem. Why??? Sorry to bother you guys, but at least, if it happens again, there's more documentation on it!
 
Old 02-07-2023, 12:12 AM   #3
des_a
Member
 
Registered: Sep 2006
Posts: 983

Original Poster
Blog Entries: 37

Rep: Reputation: 23
I guess I DO need help. Because closing the lid, makes it happen again, and I bet the same solution will work. I told it now, though, not to fall asleep after some time. Maybe that will help?
 
Old 02-07-2023, 12:23 AM   #4
des_a
Member
 
Registered: Sep 2006
Posts: 983

Original Poster
Blog Entries: 37

Rep: Reputation: 23
So, here's my workaround for now, make sure the server laptop has its lid closed BEFORE raspberrypisvr is started. If I have to reopen the lid, shutdown raspberrypisvr, and then, after the lid is closed, start it. Yep folks! It really matters! It's weird! I've never seen a problem like this before!
 
Old 02-07-2023, 09:08 AM   #5
sundialsvcs
LQ Guru
 
Registered: Feb 2004
Location: SE Tennessee, USA
Distribution: Gentoo, LFS
Posts: 10,148
Blog Entries: 4

Rep: Reputation: 3686
How do you do name-resolution for names like "fileserv" and "raspberrypisrv?" Do you rely on hosts-files or do you rely on a name-resolution service?
 
Old 02-07-2023, 02:54 PM   #6
rkelsen
Senior Member
 
Registered: Sep 2004
Distribution: slackware
Posts: 3,919
Blog Entries: 7

Rep: Reputation: 2180
Check your hosts file. It's in /etc/.

For connecting to Windows, RDP > VNC, IME...
 
Old 02-09-2023, 03:30 PM   #7
elgrandeperro
Member
 
Registered: Apr 2021
Posts: 292
Blog Entries: 2

Rep: Reputation: Disabled
Use the ip numbers. That will tell you if it is a DNS update problem.
 
Old 02-11-2023, 03:58 AM   #8
des_a
Member
 
Registered: Sep 2006
Posts: 983

Original Poster
Blog Entries: 37

Rep: Reputation: 23
So I WAS connecting by IP number. I don't have them memorized, so I was looking that up in the DHCP server. I use DNS for name resolution, when it is able to be working. However, I'm working on some changes for my DHCP server, and then I can update DNS. Then, I can use DNS names for vnc, and it will be much easier.

Working on backup today, trying to see if most of my backup works or not. I'll know tomorrow. I'm likely going to replace my server 2019 machine with a Linux server, but it's running for now. I did this to learn for school. I learned both AD using Linux, and AD using server 2019.
 
Old 02-11-2023, 04:00 AM   #9
des_a
Member
 
Registered: Sep 2006
Posts: 983

Original Poster
Blog Entries: 37

Rep: Reputation: 23
The names, are what I call them, but they are not too far off to the names that belong in DNS. DNS is just a little more formal and unambiguous.
 
Old 03-07-2023, 05:33 PM   #10
des_a
Member
 
Registered: Sep 2006
Posts: 983

Original Poster
Blog Entries: 37

Rep: Reputation: 23
I just realized something! There is a slight chance, that it's an ip conflict. I wonder if I'd set a static IP for raspberrypisvr? I'm not home, but I'll check it to see if it matches what filesvr's are. I don't think it's a DNS conflict, but I could check later, since I wasn't using DNS at that time, since it needs to be fixed. However, it would suddenly make some sense, if it's an ip conflict, because if there is one, it seems to randomly send packets to one or the other. Why didn't I think of that before? Why the lid behavior, I don't know though.

I had to modify configuration on the raspberry pi, so that it could run headless. Maybe in doing that, I set a static ip, and didn't change it when the dhcp reservation changed?! Let me check when I get a chance.
 
Old 03-07-2023, 05:38 PM   #11
rkelsen
Senior Member
 
Registered: Sep 2004
Distribution: slackware
Posts: 3,919
Blog Entries: 7

Rep: Reputation: 2180
A haiku about DNS:

It’s not DNS
There’s no way it’s DNS
It was DNS
 
Old 03-08-2023, 11:19 AM   #12
des_a
Member
 
Registered: Sep 2006
Posts: 983

Original Poster
Blog Entries: 37

Rep: Reputation: 23
I like that haiku. We'll see if it really applies here or not, with a little troubleshooting, when I get home today.
 
Old 03-11-2023, 12:51 AM   #13
des_a
Member
 
Registered: Sep 2006
Posts: 983

Original Poster
Blog Entries: 37

Rep: Reputation: 23
Guess what? Definitely an IP address conflict! I confirmed it for sure. When I had both filesvr and raspberrypisvr turned on, I clearly could look up what ip they had, and they both had the same IP. Now you'd "think" the solution is simple. But it seems, I have forgotten how I modified the raspberry pi, so I could get it to this point.

That was why the raspberry pi was acting strangely, and the issue did cause the lid to need to be closed at certain times. So folks... For those who don't know, if you have an ip conflict, when you try to send data to an ip, since two machines have the same one, it doesn't know where to go, so it randomly goes to each machine, so some packets may go to one, and some may end up at the other. There is no way of telling which will end up where. That's why the rule exists, that you are not supposed to do it.

As for how it happened, I didn't just assign them to the same ip statically. I'm pretty much past the point where I make that mistake, way past it. What happened, was that as part of my fix, making the raspberry pi work at all, I set it statically. I had the DHCP server tell me, to assign it to that same address. The fact that it never used the DHCP server, was irrelevant.

So then, I needed to make a change to the IP addresses. I'd forgotten to change the static IP to match. Only, now I forgot what that initial setup was.

But this is where people can help. So that's why my forum service is critical. If I'd done as I'm supposed to, I could simply look up what question I'd asked, plus the solution to the problem, that caused me to need to modify files. However, it looks like I didn't link it there. Please help me locate that solution, starting to look on this site. I think I know how to start, I'm taking initiative and starting now.

The whys, is I was unable to even run headless, as I need to, without such modification. Starting from scratch is always an option, if need be.
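
Added example, not part of any poster's message: a Python check for the situation post #13 describes, comparing ARP neighbour snapshots against DHCP reservations to tell a stale static address on a known host apart from an unknown MAC claiming an address. The snapshots, MAC and IP addresses and the reservation table are constructed, and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample data (not from the thread): two `ip neigh show` snapshots
# taken at different times, using documentation addresses and made-up MACs.
SNAPSHOTS = [
    "192.0.2.10 dev eth0 lladdr 02:00:00:00:00:01 REACHABLE\n"
    "192.0.2.20 dev eth0 lladdr 02:00:00:00:00:02 STALE\n"
    "192.0.2.1 dev eth0 lladdr 02:00:00:00:00:fe REACHABLE\n",
    "192.0.2.10 dev eth0 lladdr 02:00:00:00:00:03 REACHABLE\n"
    "192.0.2.20 dev eth0 lladdr 02:00:00:00:00:02 REACHABLE\n"
    "192.0.2.1 dev eth0 lladdr 02:00:00:00:00:99 REACHABLE\n"
    "192.0.2.30 dev eth0 FAILED\n",
]
# Constructed DHCP reservations, MAC -> reserved IP.
RESERVATIONS = {
    "02:00:00:00:00:01": "192.0.2.10",  # file server
    "02:00:00:00:00:02": "192.0.2.20",
    "02:00:00:00:00:03": "192.0.2.30",  # Pi: reserved .30, static config still .10
    "02:00:00:00:00:fe": "192.0.2.1",   # gateway
}
NEIGH_RE = re.compile(r"^(\S+) dev \S+ lladdr ([0-9a-f:]{17})\b", re.I)

def macs_per_ip(snapshots):
    """Collect every MAC that answered for each IP across all snapshots."""
    seen = defaultdict(set)
    for snap in snapshots:
        for line in snap.splitlines():
            m = NEIGH_RE.match(line.strip())
            if m:  # FAILED/INCOMPLETE entries carry no lladdr and are skipped
                seen[m.group(1)].add(m.group(2).lower())
    return seen

def find_conflicts(snapshots, reservations):
    """Return {ip: (kind, macs)} for IPs claimed by more than one MAC."""
    findings = {}
    for ip, macs in macs_per_ip(snapshots).items():
        if len(macs) < 2:
            continue
        unknown = sorted(m for m in macs if m not in reservations)
        misplaced = sorted(m for m in macs if reservations.get(m, ip) != ip)
        if unknown:   # a MAC nobody reserved: rule out ARP spoofing first
            findings[ip] = ("unknown-mac", unknown)
        else:         # only known hosts: one has a stale static address
            findings[ip] = ("known-hosts-conflict", misplaced)
    return findings

if __name__ == "__main__":
    for ip, (kind, macs) in sorted(find_conflicts(SNAPSHOTS, RESERVATIONS).items()):
        print(ip, kind, ", ".join(macs))
```

A single ARP table snapshot lists only one MAC per IP, so a conflict like this one only shows up when snapshots taken at different times are compared.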
 
Old 03-11-2023, 12:59 AM   #14
des_a
Member
 
Registered: Sep 2006
Posts: 983

Original Poster
Blog Entries: 37

Rep: Reputation: 23
Doesn't look like I asked a question on linuxquestions.org. My next guess, is raspberry pi forums. I'll check there.
 
Old 03-11-2023, 01:02 AM   #15
des_a
Member
 
Registered: Sep 2006
Posts: 983

Original Poster
Blog Entries: 37

Rep: Reputation: 23
Doesn't look like I have an account there.
 
  

