duplicate mac addresses requesting dhcp server

Simon Hobson dhcp1 at thehobsons.co.uk
Wed Oct 18 12:31:10 UTC 2006


At 22:01 +1000 18/10/06, Glenn Satchell wrote:

>>>With this question I meant that if the dhcp server has already
>>>served a mac1
>>>with ip1 (so there's an entry with mac1:ip1 in the dhcp.leases file) and
>>>another pc2 with its mac spoofed to mac1 comes along and asks the dhcp
>>>server for an IP, will the dhcp server (before assigning an IP to pc2) check
>>>in the leases file to see if it already assigned an ip to mac1?
>>
>>Yes, it will look in the leases file, find an existing lease, and
>>simply extend it. To the server, there is likely to be little (if
>>anything) to differentiate between pc2 and pc1 simply checking its
>>address is still valid after (for example) waking from sleep.
>>
>>Unless they supply different Client-IDs, then pc1 and pc2 are the
>>SAME client as far as the server is concerned - it has no way
>>whatsoever of detecting such duplicate MACs.
>>
>>
>With a broadcast request the dhcp server will try to ping the IP
>address first to see if the IP address is in use. If the two hosts with
>the same MAC address are on the same subnet then it will confuse things
>big time. That is, the router does an ARP to get the mac address for the
>given IP and gets two different responses back...
>
>I think the thrust of what Simon is saying is that the dhcp server
>cannot tell the difference between two clients with the same mac
>address.

Yes, that is what the thread is about. So in the case above, the 
server would get the broadcast from pc2, do an arp request, and get 
the same mac address back in a response from pc1.
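
The lease lookup discussed in this thread, as an added illustration that is not part of the original message and is not ISC dhcpd code. It assumes a simplified model in which a lease is keyed by the Client-ID when one is sent and by the MAC address otherwise; the class, function names, addresses and MAC are all constructed for the example.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass
class Lease:
    ip: str
    mac: str
    client_id: Optional[str]
    expires: int

class LeaseTable:
    """Toy lease store (assumed model): key is the Client-ID if sent, else the MAC."""

    def __init__(self, pool, lease_time=3600):
        self.free = list(pool)
        self.lease_time = lease_time
        self.leases = {}                      # lease key -> Lease

    @staticmethod
    def key(mac, client_id=None):
        return ("cid", client_id) if client_id else ("mac", mac.lower())

    def request(self, mac, client_id=None, now=0):
        k = self.key(mac, client_id)
        lease = self.leases.get(k)
        if lease:                             # known key: the lease is simply extended
            lease.expires = now + self.lease_time
            return lease, "extended"
        if not self.free:
            return None, "pool exhausted"
        lease = Lease(self.free.pop(0), mac.lower(), client_id, now + self.lease_time)
        self.leases[k] = lease
        return lease, "new"

    def macs_with_multiple_client_ids(self):
        """MACs holding leases under more than one key: the only duplicate visible here."""
        seen = {}
        for lease in self.leases.values():
            seen.setdefault(lease.mac, set()).add(lease.client_id)
        return {mac: ids for mac, ids in seen.items() if len(ids) > 1}

def demo():
    table = LeaseTable(["192.0.2.10", "192.0.2.11", "192.0.2.12"])
    mac1 = "00:11:22:33:44:55"                # constructed sample MAC
    pc1, s1 = table.request(mac1, now=0)      # pc1, no Client-ID
    pc2, s2 = table.request(mac1, now=600)    # pc2, same MAC: same key, same lease
    pc3, s3 = table.request(mac1, client_id="pc3", now=700)  # same MAC, own Client-ID
    return (pc1.ip, s1), (pc2.ip, s2), (pc3.ip, s3), table.macs_with_multiple_client_ids()

if __name__ == "__main__":
    print(demo())
```

In this model pc1 and pc2 resolve to one lease entry, so nothing in the lease table records that two hosts were involved; only the request carrying a different Client-ID produces a second entry that an audit of the table can flag.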


