Date: Thu, 14 Oct 2010 11:57:36 +1100
Subject: Re: [gentoo-user] Re: Slow Login, Sudo, etc.
List-Id: Gentoo Linux mail
Reply-to: gentoo-user@lists.gentoo.org
From: Adam Carter
To: gentoo-user@lists.gentoo.org

> > The main correlation I've seen so far is with dhcpcd. Sometimes at my
> > work I get a 192. IP (which doesn't work), and other times I get a
> > 133. IP (which is correct). In fact, sometimes dhcp is giving me an
> > IP address and resolv.conf related to a university I was visiting like
> > a month ago.
>
> It sounds like someone at your work might be (accidentally) running a
> rogue DHCP server...

For the 192 address - yeah, someone has probably plugged a WLAN or ADSL router into the local network, and other people will be having the same problem. If they were purposely running a rogue DHCP server to perform a Man In the Middle attack you wouldn't notice any connectivity problems (assuming they set it up correctly).

When dhcpcd fails to get a response from a DHCP server it will typically fall back to Zeroconf/RFC3927 behavior and assign a 169.245.x.y address.

Getting the university address is very odd. AFAIK dhcpcd has no function to fall back to the address from an expired lease.

Grep your logs for dhcpcd and post the result.
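
Added example (not part of the original message): once the dhcpcd lines are grepped out of the logs, a short script can separate the cases discussed above, namely offers from the expected server, offers from any other server, and link-local fallback when no server answered. The log lines are constructed, the message wording is an assumption about dhcpcd's syslog format, and the function names and the 133.0.2.1 server address are hypothetical.

```shell
#!/bin/sh
# Constructed sample syslog lines. The "offered <ip> from <server>" and
# "using IPv4LL address" wording is an assumption about dhcpcd's log format;
# adjust the patterns to match what your own logs contain.
sample_log() {
cat <<'EOF'
Oct 13 09:01:03 host dhcpcd[2101]: eth0: offered 133.0.2.17 from 133.0.2.1
Oct 13 09:01:03 host dhcpcd[2101]: eth0: leased 133.0.2.17 for 86400 seconds
Oct 13 13:40:10 host dhcpcd[2101]: eth0: offered 192.168.1.23 from 192.168.1.1
Oct 13 13:40:10 host dhcpcd[2101]: eth0: leased 192.168.1.23 for 3600 seconds
Oct 13 15:02:31 host dhcpcd[2101]: eth0: offered 192.168.1.24 from 192.168.1.1
Oct 13 16:10:00 host dhcpcd[2101]: eth0: using IPv4LL address 169.254.77.9
Oct 13 17:22:45 host sshd[900]: Accepted publickey for user from 10.0.0.5
EOF
}

# List every DHCP server that made an offer, with its offer count.
dhcp_servers() {
    awk '/dhcpcd\[/ {
             for (i = 1; i + 3 <= NF; i++)
                 if ($i == "offered" && $(i+2) == "from") seen[$(i+3)]++
         }
         END { for (s in seen) print s, seen[s] }' | sort
}

# Print each offer that came from a server other than the expected one ($1).
unexpected_offers() {
    awk -v ok="$1" '/dhcpcd\[/ {
             for (i = 1; i + 3 <= NF; i++)
                 if ($i == "offered" && $(i+2) == "from" && $(i+3) != ok)
                     print $1, $2, $3, $(i+1), "from", $(i+3)
         }'
}

# Count dhcpcd lines carrying a link-local address (169.254.0.0/16, RFC 3927),
# which indicates that no DHCP server answered at all.
linklocal_fallbacks() {
    awk '/dhcpcd\[/ && / 169\.254\.[0-9]+\.[0-9]+/ { n++ } END { print n + 0 }'
}

# Demo over the constructed sample; feed your real log file on stdin instead.
echo "servers seen:";      sample_log | dhcp_servers
echo "unexpected offers:"; sample_log | unexpected_offers 133.0.2.1
echo "link-local fallbacks: $(sample_log | linklocal_fallbacks)"
```

More than one server in the first list on a single network segment is the signature of a second DHCP server, whether accidental or not.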