Tuesday, January 11, 2011

Invisible IP Addresses

I stumbled across something interesting the other day. I was working on a webserver which was configured to listen to traffic on a specific IP address defined within the Apache configuration. Oddly, this IP address did not show up in ifconfig, but the box WAS serving traffic for it. Even an ifconfig -a failed to show the IP. My only theory was that since the interface was brought down AFTER Apache started listening to that IP, it was somehow still wedged up.

So I confirmed the network init scripts, and rebooted the box. After the reboot, the device once again began listening to this "unconfigured" IP. As it turns out, this was due to how the interface was being configured.

/sbin/ip addr add 10.1.8.2/8 dev eth0:1

# ping 10.1.8.2 -c 1
PING 10.1.8.2 (10.1.8.2) 56(84) bytes of data.
64 bytes from 10.1.8.2: icmp_req=1 ttl=64 time=0.036 ms
--- 10.1.8.2 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.036/0.036/0.036/0.000 ms

# ifconfig eth0:1
eth0:1 Link encap:Ethernet HWaddr 00:25:64:c2:2f:6d
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
Interrupt:21 Memory:febe0000-fec00000

Read more: ##SECURITY (FREENODE) OFFICIAL BLOG