this post was submitted on 13 Jul 2023
749 points (98.2% liked)

Memes

45901 readers
2034 users here now

Rules:

  1. Be civil and nice.
  2. Try not to excessively repost, as a rule of thumb, wait at least 2 months to do it if you have to.

founded 5 years ago
MODERATORS
 
top 15 comments
sorted by: hot top controversial new old
[–] doctorpain 24 points 1 year ago

Gotta protect your subnets

[–] [email protected] 21 points 1 year ago (3 children)

I'll take the /30, because I don't want to share a subnet with someone else!

... Incidentally I know a "serious" organization IRL which actually takes this to heart (NSFL, and I promise this is a real, production machine):

x: br0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP 
    link/ether <redacted> brd ff:ff:ff:ff:ff:ff
    inet 1.2.3.4/30 brd 1.2.3.7 scope global br0
       valid_lft forever preferred_lft forever
[–] [email protected] 10 points 1 year ago (1 children)

Uhm... Is there a translation for people who don't speak machine? I'd really like to get this joke

[–] [email protected] 13 points 1 year ago* (last edited 1 year ago) (2 children)

I'll try my best:

This text shows the network interface config for a device. Ip is 1.2.3.7 in the subnet 1.2.3.4/30

IPs are 32-bit numbers that represent the addresses, machines in a network use to communicate. Each IP is part of a network. A subnet is a defined subset of a network and represented by a number of 0-32 showing the number of bits at the end, that can be altered.
For example your home network is probably in the subnet of 192.168.0.0/16
This means that your IP starts with 192.168 and the 16 shows the size of the subnet. IPs in that subnet are 192.168.0.0 all the way to 192.168.255.255.
All devices in this subnet are local. You could also make smaller subnets inside this one to structure you local network or (and that is why companies use this) to allow devices in the same network to connect to each other or to disallow devices in different subnets.

To do this, a gateway is brought into the network. Its purpose is to connect multiple networks. At home your router can do this but in a company there probably is a dedicated firewall-machine.

The gateway also needs an IP. So in this "joke" the server is in the net starting with 1.2.3.4 and only the last 2 bits can be changed. So the IPs are 1.2.3.4 to 1.2.3.7.

The first IP (1.2.3.4) is reserved for the network, the last is broadcasting (1.2.3.7)and we also need a gateway (1.2.3.5) so we only have one IP left (1.2.3.6) so this device is really "secure"...

A Firewall could do the same and a lot of other things as well, but some companies are weird and networking is hard™.

Btw.: I think his 1.2.3.7 should be a 1.2.3.6

[–] [email protected] 4 points 1 year ago* (last edited 1 year ago) (1 children)

I didn't doctor the copy/paste (except for redacting the MAC address)... Weird, now I've been nerdsniped.
EDIT: No, this makes sense... but is also worse: Network address is 1.2.3.4, usable IP range is 1.2.3.5, 1.2.3.6 and broadcast is 1.2.3.7... Which means they're assigning the network address somehow. And I guess somehow the router/remote device just says "ok"... I'm leaving this alone lest I lose more of my sanity.

(Also there are lots of parallel subnets and, to the best of my knowledge, no firewall doing anything meaningful between them... shrugs)

[–] [email protected] 3 points 1 year ago* (last edited 1 year ago)

Wait! You're right... I misread that, because everything is abbreviated and I don't look at ifconfigs that often
"brd" is broadcast
"inet" is the real IP plus the netmask

Wtf!

[–] [email protected] 3 points 1 year ago

Thanks very much for this explanation!

[–] [email protected] 2 points 1 year ago (1 children)

Is 1.2.3.4 even private or do you guys actually own that range?

[–] [email protected] 3 points 1 year ago

Hahahahahaahahahah

Standards only apply if you care. And these guys certainly don't! Welcome to the world of ~*~ The Sad Corporate Reality ~*~

[–] [email protected] 2 points 1 year ago

When Palo Alto sells your dipshit CIO one firewall appliance per virtual server. “Somehow. Someway,” says the salesperson, “we’re gonna get even more firewalls in here!”

[–] buycurious 8 points 1 year ago

Anything else they can offer because it burns when IP?

[–] NothingSpecial 6 points 1 year ago

Some people wouldn't get this.

[–] [email protected] 1 points 1 year ago
load more comments
view more: next ›