duplicate mac addresses requesting dhcp server

Glenn Satchell Glenn.Satchell at uniq.com.au
Wed Oct 18 12:01:53 UTC 2006

>Date: Wed, 18 Oct 2006 11:28:09 +0100
>To: dhcp-users at isc.org
>From: Simon Hobson <dhcp1 at thehobsons.co.uk>
>Subject: Re: duplicate mac addresses requesting dhcp server
>Gilbert Coles wrote:
>>With this question I meant that if the dhcp server has already served a mac1
>>with ip1 (so there's an entry with mac1:ip1 in the dhcp.leases file) and
>>another pc2 with its mac spoofed to mac1 comes along and asks the dhcp
>>server for an IP, will the dhcp server (before assigning an IP to pc2) check
>>in the leases file to see if it already assigned an ip to mac1?
>Yes, it will look in the leases file, find an existing lease, and 
>simply extend it. To the server, there is likely to be little (if 
>anything) to differentiate between pc2 and pc1 simply checking its 
>address is still valid after (for example) waking from sleep.
>Unless they supply different Client-IDs, then pc1 and pc2 are the 
>SAME client as far as the server is concerned - it has no way 
>whatsoever of detecting such duplicate MACs.
With a broadcast request the dhcp server will try to ping the IP
address first to see if the IP address is in use. If the two hosts with
the same MAC address are on the same subnet then it will confuse things
big time. That is, the router does an ARP to get the mac address for the
given IP and gets two different responses back...

I think the thrust of what Simon is saying is that the dhcp server
cannot tell the difference between two clients with the same mac
address. There is no other distinguishing information in any of the
requests. If pc1 and pc2 are on different subnets it will simply look
like the client has been moved to a new location.

Remember dhcp is not a security device on its own.

Glenn Satchell     mailto:glenn.satchell at uniq.com.au | Some days we are
Uniq Advances Pty Ltd         http://www.uniq.com.au | the flies;  some
PO Box 70 Paddington NSW Australia 2021              | days we  are the
tel:0409-458-580  tel:02-9380-6360  fax:02-9380-6416 | windscreens...
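
A defensive check that follows from the replies above (an added example, not part of the original post and not ISC's code): because the server keys only on MAC and Client-ID, an administrator can scan dhcpd.leases for a MAC that holds active leases on more than one address or has presented more than one client-hostname. The sample lease text is constructed and the function name is hypothetical; a hit is only a hint, since a machine that was moved or renamed looks the same.

```python
import re
from collections import defaultdict

# Constructed sample in ISC dhcpd.leases syntax (not data from the thread).
SAMPLE_LEASES = '''
lease 192.168.1.10 {
  binding state active;
  hardware ethernet 00:11:22:33:44:55;
  client-hostname "pc1";
}
lease 192.168.1.10 {
  binding state active;
  hardware ethernet 00:11:22:33:44:55;
  client-hostname "pc2";
}
lease 192.168.2.20 {
  binding state active;
  hardware ethernet 00:11:22:33:44:55;
}
lease 192.168.1.11 {
  binding state free;
  hardware ethernet 00:aa:bb:cc:dd:ee;
}
'''

LEASE_RE = re.compile(r"lease\s+(\S+)\s*\{(.*?)\n\}", re.S)
MAC_RE = re.compile(r"hardware ethernet\s+([0-9a-fA-F:]+);")
STATE_RE = re.compile(r"^\s*binding state\s+(\w+);", re.M)  # skips "next binding state"
HOST_RE = re.compile(r'client-hostname\s+"([^"]*)";')

def suspicious_macs(text):
    """Return {mac: (active_ips, hostnames)} for MACs worth a manual look."""
    latest, hosts = {}, defaultdict(set)  # append-only file: last entry per IP wins
    for ip, body in LEASE_RE.findall(text):
        mac, state, host = (m.group(1) if (m := rx.search(body)) else None
                            for rx in (MAC_RE, STATE_RE, HOST_RE))
        if mac is None:
            continue
        latest[ip] = (mac.lower(), state)
        if host:
            hosts[mac.lower()].add(host)  # every hostname this MAC has presented
    active = defaultdict(set)
    for ip, (mac, state) in latest.items():
        if state == "active":
            active[mac].add(ip)
    return {mac: (sorted(active[mac]), sorted(hosts[mac]))
            for mac in set(active) | set(hosts)
            if len(active[mac]) > 1 or len(hosts[mac]) > 1}
```
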
