Re: Fake Source IP

From: Shawn Bayern (shawn.bayern@yale.edu)
Date: Thu Feb 17 2000 - 01:12:54 EST


On Thu, 17 Feb 2000, Nat wrote:

> > Secondly, if this works, are there any networks that don't allow two
> > computers to send packets with the same source IP, but only one computer
> > is receiving packets on that IP?
>
> Can't answer the first question, but I was under the impression that a
> good ethernet hub (like the large ones Yale has all over) can be
> configured with a security option that does this. I'm not clear on
> whether the security option merely limits the EHAs through each port to
> one, but I'm pretty sure it's intended to prevent packet sniffing -- that
> is, only one computer can receive info directed to a certain address
> (what kind I'm not sure).

I think these hubs ("smart" hubs from HP, usually) do just the opposite:
they prevent multiple hardware addresses from receiving incoming packets
through the same port. They don't, to my knowledge, prevent outgoing
packets with different IP addresses. (The former is enough to prevent
simple packet sniffing, and keep in mind the box functions on a fairly low
level -- it's a hub, not a router. What business does it have speaking
IP? :) )

> This does seem to be on the hardware rather than software level, but I
> think it accomplishes the same thing. I wouldn't have thought that it'd be
> possible to prevent sending packets with someone else's IP address, aside
> from the impossibility of actually sharing said address.

Keep in mind what "sharing" an address means. It's not "impossible."
We're dealing with, at the lowest level, connectionless protocols. To
"receive" packets intended for a particular IP address doesn't involve any
persistent "parking" on an address at that level. It simply means that a
host will ARP for that address and choose to process packets that are sent
to it.

The high-level "someone else is using this IP address, so I won't" is a
choice by most rational network stacks that's generally, as far as I know,
based on simply ARPing for an address before "deciding" (*internally*) to
use it. Then, the stack notices if someone else is using the address and,
often on desktop machines, shuts off its interface to avoid problems.
Mass confusion could result if multiple, uncoordinated hosts responded to
ARP requests for the same IP address, but there's no real impossibility at
the IP layer.

Sasha - to answer your question, no, I don't think most networks care
whether multiple hosts (i.e., hardware addresses) are sending packets with
different IP addresses, although I'm not sure enough about router
configurations to know how confusing such a situation really would be.
(What if someone, like a router, seeded its ARP cache based on packets it
relayed? I have no idea if anyone actually does that or if I just
invented the possibility. :) )

Shawn
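The two mechanisms discussed above (a stack ARPing for an address before deciding to use it, and the confusion that results when several hardware addresses answer for one IP) as an added Python example; this is not code from the original thread, and the frames, addresses and the ArpMonitor class are constructed here for illustration, using only the standard library.

```python
import struct
from collections import defaultdict

ETH_P_ARP = 0x0806
ARP_REQUEST, ARP_REPLY = 1, 2
ETH_FMT = "!6s6sH"           # dst MAC, src MAC, EtherType
ARP_FMT = "!HHBBH6s4s6s4s"   # htype, ptype, hlen, plen, op, sender MAC/IP, target MAC/IP

def mac(s): return bytes.fromhex(s.replace(":", ""))
def ip(s): return bytes(int(o) for o in s.split("."))
def mac_str(b): return ":".join(f"{x:02x}" for x in b)
def ip_str(b): return ".".join(str(x) for x in b)

def build_arp(op, smac, sip, tmac, tip):
    """Construct an Ethernet/ARP frame from sample values (constructed data, not captured traffic)."""
    dst = mac("ff:ff:ff:ff:ff:ff") if op == ARP_REQUEST else tmac
    return struct.pack(ETH_FMT, dst, smac, ETH_P_ARP) + struct.pack(
        ARP_FMT, 1, 0x0800, 6, 4, op, smac, sip, tmac, tip)

def parse_arp(frame):
    """Return (op, sender MAC, sender IP, target IP), or None if not an Ethernet/IPv4 ARP frame."""
    if len(frame) < 42 or struct.unpack(ETH_FMT, frame[:14])[2] != ETH_P_ARP:
        return None
    htype, ptype, hlen, plen, op, smac, sip, _tmac, tip = struct.unpack(ARP_FMT, frame[14:42])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return None
    return op, smac, sip, tip

class ArpMonitor:
    """Records which hardware address(es) claim each IP, from the sender fields of ARP traffic."""
    def __init__(self):
        self.claimants = defaultdict(set)   # IP string -> set of MAC strings

    def observe(self, frame):
        parsed = parse_arp(frame)
        if parsed is None:
            return
        _op, smac, sip, _tip = parsed
        # An address probe (RFC 5227) carries sender IP 0.0.0.0 and claims nothing.
        if sip != b"\0\0\0\0":
            self.claimants[ip_str(sip)].add(mac_str(smac))

    def conflicts(self):
        """IPs that more than one hardware address has answered for: the 'mass confusion' case."""
        return {a: sorted(m) for a, m in self.claimants.items() if len(m) > 1}

    def address_is_free(self, addr):
        """The check a stack makes before deciding to use an address: has anyone answered for it?"""
        return not self.claimants.get(addr)
```

Feeding the monitor frames from a capture instead of constructed ones turns it into a simple IP-conflict detector for a segment.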



This archive was generated by hypermail 2b29 : Wed Apr 27 2005 - 03:30:03 EDT