Can devices steal MAC allocated IP addresses?
Solution 1:
On the router I set a static IP 192.168.1.20 to Mac Addresse XYN:123
No you didn't, you created a DHCP reservation - these are different, though the outcome is the same. You will have an IP conflict that will result in degraded connectivity for one or both computers. Your colleague is roughly correct, though I have no idea what he means by "stealing packages."
Solution 2:
On the router I set a static IP 192.168.1.20 to Mac Addresse XYN:123
Now a new device XXX:999, sets in its network card to always use addresse 192.168.1.20
I'm not sure about this naming schematic as it looks like more of a hostname:port
combo than a mac address.
Let's pretend that:
- on the
DHCP Server
you set a static reservation forxx:xx:xx:xx:xx:xx
to192.168.1.20
- This device connects to the network and properly goes through DHCP channels
- A new device with the mac address
yy:yy:yy:yy:yy:yy
connects to the network and attempts to use a locally configured static IP address192.168.1.20
Anecdotally: My Oracle Linux servers (SEE: Red Hat based) check to see if the address is in use on the network before fully bringing the NIC up. Windows Machines will attempt to bring the NIC up, detect the conflict and report warnings about an ip address conflict
Ultimately: The behavior is undefined and different operating systems will employ different procedures to rectify / ignore the issue. If two device are brought up on the network with the same ip address, all nodes on the subnet will have an arp entry
mapping the IP to one of the two MAC ADDRESSES
. Since there are conflicting IPs, this mapping may be different on each node. For technical discussion see the following: Entry on ARP Spoofing
In an enterprise network it may be wise to have hardware / software that attempts to detect and block such attempts.
Executive Conclusion: If two nodes are brought up successfully on the same subnet with the same IP address, there will be connectivity issues for at least one and probably both nodes. These issues can chain outwards to affect the entire network if either node is hosting critical services.