Subject: Re: [suse-security] same ip for two interfaces
From: alex medvedev (alexmpycckue.org)
Date: Thu Nov 02 2000 - 08:40:45 CST


hallo,

> The whole thing is interesting from the academic standpoint. What would
> happen with two interfaces of the same IP?

i would say nothing interesting should happen.
i think the other machines (say gateway) will send an initial arp request
and will get an ip address + mac of one of the cards from the problem
machine, maybe macs of both, but that does not matter.
let's say the gateway got both macs and has its arp table like this:
1.2.3.4 xx:xx:xx:xx:xx:xx eth0 on machine under discussion
1.2.3.4 xx:xx:xx:xx:xx:xy eth1 on machine under discussion
so when the gateway needs to talk to 1.2.3.4 machine it will check its arp
table, find out that 1.2.3.4 has mac of xx:xx:xx:xx:xx:xx
and start talking to that card without even looking at xx:xx:xx:xx:xx:xy.
therefore, the second card will sit idle.

i could be wrong here.
the best way to find out is to run a tcpdump on both interfaces and see
what mac addresses are flying on the wire.

some other oses (like AIX) create an implicit route to their own subnet when
an interface is brought up.
but then, when it brings up the second interface and tries to establish
an implicit route, aix will not let you have a route to the same subnet
since it already exists, thus adding a route to its own subnet fails.
therefore the second card will not even show up in the routing table.
the above is true even for two cards on the same subnet.
but aix is not linux...

bye,

-alexm
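
An added example, not part of the original post: one way to carry out the tcpdump check suggested above is to compare which MACs answer ARP for an IP with which MAC actually receives frames for it. The capture lines are constructed, the line format is assumed to be that of current `tcpdump -e -n` output, and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample in the style of `tcpdump -e -n` output (not a real capture).
SAMPLE = """\
08:40:01.000100 00:00:5e:00:53:01 > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 42: Request who-has 1.2.3.4 tell 1.2.3.1, length 28
08:40:01.000300 00:00:5e:00:53:a0 > 00:00:5e:00:53:01, ethertype ARP (0x0806), length 60: Reply 1.2.3.4 is-at 00:00:5e:00:53:a0, length 46
08:40:01.000350 00:00:5e:00:53:a1 > 00:00:5e:00:53:01, ethertype ARP (0x0806), length 60: Reply 1.2.3.4 is-at 00:00:5e:00:53:a1, length 46
08:40:01.001000 00:00:5e:00:53:01 > 00:00:5e:00:53:a0, ethertype IPv4 (0x0800), length 98: 1.2.3.1 > 1.2.3.4: ICMP echo request, id 7, seq 1, length 64
08:40:02.001000 00:00:5e:00:53:01 > 00:00:5e:00:53:a0, ethertype IPv4 (0x0800), length 74: 1.2.3.1.40000 > 1.2.3.4.22: Flags [S], seq 1, win 64240, length 0
08:40:02.500000 00:00:5e:00:53:01 > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 42: Request who-has 1.2.3.9 tell 1.2.3.1, length 28
08:40:02.500200 00:00:5e:00:53:b0 > 00:00:5e:00:53:01, ethertype ARP (0x0806), length 60: Reply 1.2.3.9 is-at 00:00:5e:00:53:b0, length 46
"""

MAC = r"[0-9a-f]{2}(?::[0-9a-f]{2}){5}"
IP = r"\d{1,3}(?:\.\d{1,3}){3}"
# Link-level header printed by -e: "<time> <src mac> > <dst mac>, ethertype ..."
FRAME = re.compile(rf"^\S+ ({MAC}) > ({MAC}), ethertype (\w+) \(0x[0-9a-f]+\), length \d+: (.*)$")
ARP_REPLY = re.compile(rf"Reply ({IP}) is-at ({MAC})")
# "src[.port] > dst[.port]:" at the start of the IPv4 summary
IP_FLOW = re.compile(rf"^({IP})(?:\.\d+)? > ({IP})(?:\.\d+)?:")

def analyse(lines):
    """Return (claimed, used): MACs answering ARP per IP, frame counts per dst IP/MAC."""
    claimed = defaultdict(set)
    used = defaultdict(lambda: defaultdict(int))
    for line in lines:
        m = FRAME.match(line.strip())
        if not m:
            continue  # not a line in the assumed -e format
        _src_mac, dst_mac, ethertype, rest = m.groups()
        if ethertype == "ARP":
            reply = ARP_REPLY.search(rest)
            if reply:
                claimed[reply.group(1)].add(reply.group(2))
        elif ethertype == "IPv4":
            flow = IP_FLOW.match(rest)
            if flow:
                used[flow.group(2)][dst_mac] += 1
    return claimed, used

def report(lines):
    """For each IP claimed by more than one MAC, count frames sent to each MAC."""
    claimed, used = analyse(lines)
    return {ip: {mac: used[ip].get(mac, 0) for mac in sorted(macs)}
            for ip, macs in claimed.items() if len(macs) > 1}

if __name__ == "__main__":
    print(report(SAMPLE.splitlines()))
```

A MAC that answers ARP but shows a count of 0 corresponds to the idle second card described in the post.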
