[Tfug] duplicate ip address (off topic)

Shawn Nock nock at email.arizona.edu
Thu Feb 8 09:09:42 MST 2007


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

evorrie at comcast.net wrote:
> I would assume that whatever is in the gateway's arp cache it would respond to that address first, followed by intermittent connectivity on both computers.

It can sometimes be worse... In a switched environment (with crappy
switches). This type of problem is often used as an attack to bomb the
MAC addr cache on the switch and turn it into a hub. This slows
performance, but also allows for more classical network sniffing to occur.

Generally this attack requires a lot of traffic (and usually multiple
address conflicts), it seems that in my experience is in sync with the
previous post (e.g. the usual symptoms are intermittent connectivity
issues due to ARP resolution race conditions at the
switch/gateway/whatever).

Shawn

- --
Shawn Nock (OpenPGP: 0xB64200E1)
Unix Systems Group; CCIT
University of Arizona
nock at email.arizona.edu
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.3 (GNU/Linux)

iD8DBQFFy0tFbbRzLz6id34RAsPcAJ9v1lYasjmWqqlZCiI6BtS7E4bEHgCfV5k0
2XTeH4w2V8lsGGxU70M3Y+E=
=A4Mm
-----END PGP SIGNATURE-----




More information about the tfug mailing list