# How do I KILL this address?

## curmudgeon

This one has baffled a very knowledgeable Linux network admin.

Booted from a gentoo live dvd.

Killed dhcp, network manager, and brought down eno1.

ifconfig eno1 192.168.0.12 netmask 255.255.255.0 broadcast 192.168.0.255

route add default gw 192.168.0.254

```

ifconfig -a

eno1: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500

inet 192.168.0.12 netmask 255.255.255.0 broadcast 192.168.0.255

ether 00:11:22:33:44:55 txqueuelen 1000 (Ethernet)

RX packets 10112080 bytes 4069965888 (3.7 GiB)

RX errors 0 dropped 871 overruns 0 frame 0

TX packets 3581955 bytes 295420873 (281.7 MiB)

TX errors 1 dropped 0 overruns 0 carrier 0 collisions 0

lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536

inet 127.0.0.1 netmask 255.0.0.0

inet6 ::1 prefixlen 128 scopeid 0x10<host>

loop txqueuelen 1 (Local Loopback)

RX packets 4086 bytes 348889 (340.7 KiB)

RX errors 0 dropped 0 overruns 0 frame 0

TX packets 4086 bytes 348889 (340.7 KiB)

TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

wlo1: flags=4098<BROADCAST,MULTICAST> mtu 1500

ether 66:77:88:99:aa:bb txqueuelen 1000 (Ethernet)

RX packets 0 bytes 0 (0.0 B)

RX errors 0 dropped 0 overruns 0 frame 0

TX packets 0 bytes 0 (0.0 B)

TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

```

The probllem? Machine (and router) think it is ALSO 192.168.0.1 (which is in the dhcp range).

Answers arp requests (with the ethernet card mac address) from the router for 192.168.0.1 (as well as 192.168.0.12).

Replies to pings for 192.168.0.1 (as well as 192.168.0.12).

This is not some unexpired dhcp lease (it has been going on for three weeks).

One application was sending requests as if it were 192.168.0.1, but I finally put an end to that.

Still can't get rid of it, though. Any ideas what is keeping it alive?

----------

## NTU

ARP traffic is by default, all allowed, bidirectional. Unless you're using arptables, you'll be able to reach anything on the same network over ARP.

If you don't want to be able to ping 192.168.0.1 you'll need to break ICMP for that IP via iptables.

```
iptables -A INPUT -s 192.168.0.1 -j DROP

iptables -A OUTPUT -d 192.168.0.1 -j DROP
```

Duplicate same rules for arptables? Not sure if this answers your question?

----------

## curmudgeon

I want the machine (and the router) to only see itself as 192.168.0.12. The address 192.168.0.1 should not exist. The machine should not think it has it. It should not answer apr requests or pings on that address, and the address should be available for the router to assign (via dhcp) to another client.

----------

## Atom2

 *curmudgeon wrote:*   

> Any ideas what is keeping it alive?

 Does your system have a (shared) Intel AMT interface or another (shared) remote management LAN interface like IMM (IBM slang) or iLO (HP slang) - I am sure there are other names as well - getting its IP address from DHCP or being statically set to 192.168.0.1?

Any such shared interface could explain why the system is answering against two IP addresses using only one MAC-address.

Those management interfaces also do not usually show up in the OS and thus are not visible from an ifconfig command.

If that's the case you would need to either disable AMT or any other management interface in the BIOS or give it a completely different IP address (either within the same subnet, but outside the DHCP range, or even within a completely different subnet).

Atom2

----------

## curmudgeon

I certainly don't think it has anything like that. The machine is a rather standard low to mid range laptop of 2012 vintage.

----------

## Atom2

 *curmudgeon wrote:*   

> I certainly don't think it has anything like that. The machine is a rather standard low to mid range laptop of 2012 vintage.

 AMT was pretty standard in corporate/business laptops and was definitely already available in 2012 (I seem to remember that it was included in IBM/Lenovo Thinkpads back as far as the T61 which was produced from 2007 to 2009). It is sometimes also referred to as Intel ME and is connected with Intel vPro.

What make and model is your laptop?

----------

## Tony0945

That's the standard router address. Why do you want to kill it?

----------

## Ant P.

It would help to see output from something that's maintained. What does "ip addr" say?

----------

## curmudgeon

 *Tony0945 wrote:*   

> That's the standard router address. Why do you want to kill it?

 

I don't care what the "standard" is. On this network, the router is 192.168.0.254, and the dhcp range is 192.168.0.1-192.168.0.9. There is not supposed to be anything at 192.168.0.1 other than dhcp leases (and the rogue machine already has a static address).

 *Ant P. wrote:*   

> It would help to see output from something that's maintained. What does "ip addr" say?

 

Well, that is quite enlightening.

```

# ip addr

1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1

    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00

    inet 127.0.0.1/8 brd 127.255.255.255 scope host lo

       valid_lft forever preferred_lft forever

    inet6 ::1/128 scope host

       valid_lft forever preferred_lft forever

2: eno1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000

    link/ether 11:11:11:11:11:11 brd ff:ff:ff:ff:ff:ff

    inet 192.168.0.12/24 brd 192.168.0.255 scope global eno1

       valid_lft forever preferred_lft forever

    inet 192.168.0.1/24 brd 192.168.0.255 scope global secondary eno1

       valid_lft forever preferred_lft forever

3: wlo1: <BROADCAST,MULTICAST> mtu 1500 qdisc mq state DOWN group default qlen 1000

    link/ether 22:22:22:22:22:22 brd ff:ff:ff:ff:ff:ff

```

Figured I could solve it from there. The man page was worthless (because I don't have it installed - iproute2 was compiled with the minimal use flag - meaning no man pages, an man ip brought up some other ip man page), so I put duckduckgo to work, and quickly found a tutorial page for configuring interfaces.

```

# ip addr del 192.168.0.1/24 dev eno1

```

Pretty simple actually, if you know how to use the tools you have (which I clearly didn't).

Thank you. Not only did I solve the problem, but I am now committed to ditching ifconfig (and will reinstall iproute2, making sure I get the documentation this time).

----------

