Duplicate Mac Addresses?

[billyblaxsta]

AIUI in theory two duplicate MAC addresses on the same network will have cause problems.

Imagine, for example, that for a pay wireless service, a user spoofs his MAC address to appear the same as that of a paying user to get free service (with the client MAC information obtained from airodump-ng).

What might happen in reality (rather than in theory) considering there are now two IPs that share one MAC?

Thanks.

[Sparda]

Depends on how the AP maintains the session for the paying user. It may be the case, for example, that the IP and MAC address have to be the same. Either way, having two computers with the same mac or IP results in the network not working right for either client.

[digip]

A lot of the questions you ask are basic networking fundamentals. It would probably do you a lot of good and you would enjoy it, to take a class on networking, or even a cisco networking course. Even a book such as one to study for the comptia network+ cert would do you well.

Because networking devices require a unique way to identify end devices, any time there are two devices with the same IP, its going to throw a wrench into the mix. More than likely, the second device will get an error about the address already being in use, but in terms of wireless could perpetually keep knocking each other off the network and since DHCP would want to give the same IP to the MAC associated in its address table for an existing lease to the last device to send packets to it. Traffic would start to get split between the two, and eventually, just loss of data and retransmission of packets to end devices not intended for, and they would start dropping at the end nodes, when its traffic that wasn't requested by the specific device. That is for TCP, unless it was all UDP, by which the sender doesn't care who receives it, it never does error checking or retransmission of packets in a UDP scenario.

Basically, unless you are trying to attack a network and wreck havoc on it, don't try enforcing the same MAC and IP as an existing device. The most people use spoofing for, is when a router has MAC address filtering in place, and they want to get on the same network, but if the other device is already on the same network, it will just cause issues for both parties.

http://en.wikipedia.org/wiki/MAC_address#Usage

Edited August 17, 2011 by digip

[Infiltrator]

Don't mean to offend you but next time you want to ask a question, you might want to do a bit of research on Google, I'm pretty sure you will find what you're looking for. That's what I would've done if I were you. Researching its a good method for learning and enriching your knowledge.

[combatwombat27]

Actually, I have seen this done firsthand in a live environment. I was at a certain bookstore that will be left unmentioned who has Internet free to their loyal customers. Without an member id you can't access anything. There was a person who sniffed up the network traffic and copied on customers mac. This customer was surfing the web on his laptop. This person cloned the mac of said customer and could immediately access the Internet, seeing as I wasn't the one doing it i was free to roam and being curious I moved back and forth behind the two laptops, the entire time the user was there they both could surf the internet fine and when the user left the "attacker" still had the access due to how the router works (if the attacker when inactive for an extended period of time his lease would expire though) again, not me, just some guy at the bookstore. Of course this all depends on how they have the network and access points setup so may not work well or at all in other environments. But confirmed threat in a certain large chain bookstore.

Edited August 17, 2011 by combatwombat27