Thread ID: 129513 2013-02-26 06:26:00 MAC spoofing victorcharlie (442) Press F1
Post ID Timestamp Content User
1329924 2013-02-26 06:26:00 To me it seems possible that a hacker can obtain my MAC address and use it to connect to my network. If so, what happens when two devices, with the same MAC address, connect to the network at the same time? victorcharlie (442)
1329925 2013-02-26 07:06:00 I don't think they can gary67 (56)
1329926 2013-02-26 08:41:00 Probably a big mess :p

Wouldn't it largely depend on the network infrastructure? Could be a chance that data/traffic just gets forwarded to both clients/hosts requesting it?

I don't actually know. I'm just speculating.
icow (15313)
1329927 2013-02-26 09:51:00 These answers seem to have the most votes ...

serverfault.com

It's going to be dependent on the switch in use by the hosts in question. The hosts themselves have no awareness of the infrastructure to which they're connected and don't know which switch port the destination hosts are connected to. How exactly the switch handles the same MAC address registered on different ports is a matter for the particular switch in use. My guess is that the switch will forward the traffic to both hosts.

I disagree that there will be an ARP storm. ARP is used to resolve IP addresses to MAC addresses. Your scenario doesn't suggest that IP to MAC resolution is going to break, only that 2 different IP addresses are going to be resolved to the same MAC address, which isn't in and of itself a problem as a single host may have multiple IP addresses. Your case is that 2 different hosts with different IP addresses may have the same MAC address, so packets may be misforwarded but that won't cause an ARP storm.

----------------------------------------------------------------------------------

superuser.com


It really does depend on how the routers and systems on the network are configured.

At our office, our machines will not connect to the local domain due to the collision in MAC addresses. You'll get a notification message (in Windows) saying there is already a system with the Id on the network.

Sometimes you get into "races" where each computer attempts to register itself with the router, and any traffic coming to the machine can get lost since packet A will go to your machine, the other machine will register, so packet B will go there. Things can start bouncing back and forth.

You can start seeing unreachable host errors due to the collisions as well.

The results really do vary depending on when the duplicate machine is coming online and how the current infrastructure is set up to handle such items.

Your network admin will have more detailed answers on this.
Geek4414 (12000)
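
An added illustration, not part of any post in this thread or of the quoted answers: a simplified model of a learning switch showing the "race" described above, where replies follow whichever host with the duplicated MAC transmitted last, plus a check that flags a MAC address moving between ports. The class, the MAC addresses, the port numbers and the flap threshold are all constructed for the example; real switches differ in how they handle and log this.

```python
from collections import defaultdict

class LearningSwitch:
    """Simplified learning switch: one table entry (port) per MAC address."""
    def __init__(self, ports):
        self.ports = set(ports)
        self.cam = {}                    # MAC -> port it was last seen on
        self.moves = defaultdict(list)   # MAC -> [(time, old_port, new_port)]

    def receive(self, t, in_port, src, dst):
        """Learn the source MAC, then return the set of ports the frame leaves on."""
        old = self.cam.get(src)
        if old is not None and old != in_port:
            self.moves[src].append((t, old, in_port))  # same MAC, different port
        self.cam[src] = in_port
        if dst in self.cam:
            return {self.cam[dst]} - {in_port}
        return self.ports - {in_port}    # unknown destination: flood

    def flapping(self, threshold=3, window=10):
        """MACs that changed port >= threshold times within `window` seconds."""
        hits = {}
        for mac, events in self.moves.items():
            times = [t for t, _, _ in events]
            for i in range(len(times) - threshold + 1):
                if times[i + threshold - 1] - times[i] <= window:
                    hits[mac] = sorted({p for _, a, b in events for p in (a, b)})
                    break
        return hits

def demo():
    # Constructed traffic: hosts on ports 1 and 2 both use DUP; router on port 3.
    DUP, RTR = "aa:bb:cc:00:00:01", "aa:bb:cc:00:00:fe"
    sw = LearningSwitch(ports=[1, 2, 3])
    sw.receive(0, 3, RTR, "ff:ff:ff:ff:ff:ff")
    delivered = []
    for t in range(1, 7):
        sender_port = 1 if t % 2 else 2      # the two hosts take turns sending
        sw.receive(t, sender_port, DUP, RTR)
        delivered.append(sw.receive(t + 0.5, 3, RTR, DUP))  # router's reply
    return delivered, sw.flapping()

if __name__ == "__main__":
    replies, alerts = demo()
    print("router replies went to ports:", replies)
    print("flapping MACs:", alerts)
```

In this model each reply reaches only one of the two hosts, alternating with whoever sent last, and the duplicated address is reported with both ports it was seen on.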
1329928 2013-02-26 12:15:00 Well depending what's happening, that's not how somebody would get to your network. If they wanted to do an arp spoof attack, they'd do things differently. If they wanna leech your wifi's, then don't stress too hard over it.

What makes you ask that question? Seems like somebody has given you a *bit* of information, spreading some FUD, without explaining everything?
Chilling_Silence (9)
1329929 2013-02-26 21:18:00 I've noticed an increased megabyte usage and started monitoring it using software (Networx), so I can compare that data with Telecom's. One problem is Telecom's data has a delay (Networx is real-time).

Networx can't monitor game consoles/phones so I disconnected these, I also changed the Wi-fi password. If I compared the data right, then there's still a difference between Networx and Telecom, though not as big as before.
victorcharlie (442)
1329930 2013-02-26 21:30:00 There will always be a difference coz it won't pick up things like if there's any errors on your line, it won't pick up things like pings to your router or port-scans.
Get something, such as a Gargoyle router, if you *really* want to know for certain :)
Chilling_Silence (9)