Pinging a host that has an incorrect gateway set

Posted on 2013-12-22
Medium Priority
Last Modified: 2013-12-29
If I ping a host in a different subnet – separated by a router – and the destination host has an incorrect or missing default gateway set, will my ping succeed? What about a TCP connection like telnet or RDP? Is Linux behaviour here different to Windows?
Assumptions: my settings are correct, correct IP, GW, SM. The routers settings are correct. On the destination host, the IP and SM are correct; just the GW is wrong or missing.
Thanks in advance
Question by:mikhael
LVL 47

Accepted Solution

Craig Beck earned 500 total points
ID: 39735161
No it won't work usually.  The PC in the other subnet won't know where to send the reply as it doesn't have the correct gateway.

If the other PC uses a different router address to the one the sending PC uses, it may have some success if routing is configured to redirect the other PC to the correct gateway.

However, if your network uses Proxy-ARP the PC with no gateway (not the wrong gateway) may be able to reply correctly.  If the gateway is set wrong it will fail unless routing is redirecting as I explained in the previous paragraph.
LVL 72

Assisted Solution

Qlemo earned 500 total points
ID: 39735174
Agree. The application protocol does not matter, that is telnet or RDP will be treated the same, and ICMP isn't different, though it is a different network layer.

Everything IP-based needs to know the route back to the source, as TCP/IP is defined as not requiring replies to travel the same way back they came in. If it were that way, every hop on the way would have to temporarily store the session info to allow that. Or packets would have to store the complete route they used. Both would require a lot of overhead, either in the packets or routers' memory, without any particular advantage.

The only way the setup with a "wrong" gateway works is if the "wrong" gateway still has sufficient forwarding info to direct the packet to another router which the proper info.
LVL 62

Expert Comment

ID: 39737123
You must use other machine in same subnet (physical and logical) as bad machine and reconfigure it.
We Need Your Input!

WatchGuard is currently running a beta program for our new macOS Host Sensor for our Threat Detection and Response service. We're looking for more macOS users to help provide insight and feedback to help us make the product even better. Please sign up for our beta program today!


Author Comment

ID: 39737339
Thanks guys, that's what I thought - or rather what I've read. My question is kinda hypothetical. Years ago, I believed it would work, because I had experienced it working. Maybe it was Proxy-ARP or some sort of caching.
But I thought TCP being a "connection" protocol (as distinct to UDP, say) maybe establishes the connection and the reply "knows" the path back?
LVL 72

Expert Comment

ID: 39737771
Explained in http:a39735174 - the reply only knows the target, not the way. The path taken is not recorded in the packet, and that would be a prerequisite.

Recently we had network integrated devices (based on RTOS) with a incomplete implementation of the TCP/IP stack. That led to ignoring the subnet mask, and just blowing out all traffic back as if it were on the same network, no matter of IP addresses.
So, if the TCP/IP stack implementation is buggy, it might work without gateway, but only if no routing is needed. That is, two IP networks on the same physical network.
LVL 39

Expert Comment

ID: 39745629
It worked because of a fixed route or a cached route in Arpcache.

Author Closing Comment

ID: 39745645
thanks all.
I appreciate it

Featured Post

WEBINAR: GDPR Implemented - Tips & Lessons Learned

Join the WatchGuard team on Thursday, March 29th as we recount some valuable lessons learned in weighing the needs of a business against the new regulatory environment, look ahead at the two months left before implementation, and help you understand the steps you can take today!

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Examines three attack vectors, specifically, the different types of malware used in malicious attacks, web application attacks, and finally, network based attacks.  Concludes by examining the means of securing and protecting critical systems and inf…
In computing, Vulnerability assessment and penetration testing are used to assess systems in light of the organization's security posture, but they have different purposes.
Michael from AdRem Software explains how to view the most utilized and worst performing nodes in your network, by accessing the Top Charts view in NetCrunch network monitor (https://www.adremsoft.com/). Top Charts is a view in which you can set seve…
We’ve all felt that sense of false security before—locking down external access to a database or component and feeling like we’ve done all we need to do to secure company data. But that feeling is fleeting. Attacks these days can happen in many w…

624 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question