On Sun, Feb 10, 2002 at 01:42:48PM +1100, Will Lotto wrote: > Yes, they do throw up an error. I don't think they throw up. > ... Both cards believe the packets are destined for them. ... > basically, they'll fight :) Only a tcp/ip stack might consider that. Probably windows and solaris will bug you with it. Basically the tcp/ip stack should ignore packets that are not destined for them. So if two computers with the same mac address have different ip addresses, I really don't see what the problem can be, unless your stack does special checking for that, and for linux that is considered userspace stuff. So a normal linux box would not choke in a network with machines with the same mac address. If you get in any trouble it is caused by a switch, because a switch will not be able to handle a network where more than one machine has the same address... So experiment only on hubs with this... > To take a mac address, one needs to wait for a PC to go offline (or > take a PC offline), then steal the MAC. ... Stealing the MAC is very > easy, intel network cards let you SET the MAC in windows (under > advanced settings) ... in linux, there are programs that can do it, > which work with most cards. As a matter of fact: for standard ethernet drivers, just getting the MAC address from the eeprom can be very hard. Especially if you do not want to resort to busy waiting. For ethernet, there is no such thing as hardwired hardware addresses. Just to proof the point: for the lp486e driver you *need* to set the address by hand using ifconfig hw ether, or ip link set address, because it is to hard to get that assigned mac address from the BIOS. > As for protection, I don't believe there is a simple way to > protect against such an attack ... Encryption? :) Use switches that can "hardwire" a mac to a specific port. Then you will certainly know that a certain ether address came from a certain port. Next thing you do is turn of arp, and hardwire each host in your arp table. Now you are pretty save... -- <ard@telegraafnet.nl> Telegraaf Elektronische Media http://wwwijzer.nl http://leerquoten.monster.org/ http://www.faqs.org/rfcs/rfc1855.html Let your government know you value your freedom. Sign the petition: http://petition.eurolinux.org/
