LinuxSA Mailing list archives

  From: Mark Smith <marks@senet.com.au>
  To  : David Newall <davidn@rebel.net.au>
  Date: Wed, 07 Apr 1999 21:30:46 +0930

Re: Duplicate MAC addresses

Here is something to scare you all ....


Try setting the MAC address on the card (actually if theory is true, you
should be able to set all cards) to the broadcast address ie.
0xffffffffffff.

Looking at what happens when an IP based device receives a packet :

1) Ethercard receives the packet, and looks at the destination address.
The destination address has to match on one of the following addresses
catagories :

* IEEE 802 OUI/Serial Number Address - standard good old world wide
unique MAC address
* Any Multicast addresses registered
* Ethernet broadcast

2) If the ethercard matches, it strips off the ethernet header and
trailer, and passes the data to layer 3 (network layer). eg. the
ethernet data could be an IP packet.

3) Network layer looks at the address to see if it matches one of the
following :

* Assigned IP addresses
* Any multicast IP address groups a member of if running IP multicast
* IP Broadcast and IP Subnet broadcast addresses

4) If it does, network layer strips off IP header and passes data to
layer 4.

The only difference between using the normal MAC address, and changing
the ethercards address to the ethernet broadcast address, is normally
step 1 only involves the ethercard, whereas if you set the address to
0xffffffffffff, then the CPU gets interrupted for every packet, to look
at the layer 3 address.

I tried this a while ago at home with a couple of 2.0.3x Linux boxes,
and it didn't seem to have a problem. ARP worked, the IP address of the
other machine was matched up with the ethernet broadcast address in my
ARP cache. Once ARP is working correctly, step 3 listed above takes
over, and ethernet becomes irrelivant.

I haven't had a chance to test it further - and couldn't see much use
for it (except to hide the origin of your ethernet packets and wasting
other people's CPU cycles). You could also clog up an ethernet switch,
as they forward ethernet broadcast and multicast packets to all ports
within the switch (without VLANS) or within the current VLAN.
  
I suppose you could build code into the ARP routines to ensure that the
addresses it registers aren't the ethernet broadcast address, but the
cost of protection (probably fairly minor) would still probably be
higher than the benefit.

Regards,
Mark.

David Newall wrote:
> 
> >>The original concept for Ethernet was that each *machine* would
> >>have a fixed Ethernet address
> > Hmmm, reference please. This is interesting folklore.
> 
> See http://www.nexial.com/cgi-bin/bsdibodyview?d=71088&q=MAC%20addresses
> 
> Regards,
> 
> David
> 
> --
> Check out the LinuxSA web pages at http://www.linuxsa.org.au/
> To unsubscribe from the LinuxSA list:
>   mail linuxsa-request@linuxsa.org.au with "unsubscribe" as the subject

--
| Mark Smith | email: mailto:marks@senet.com.au
| "IP Over Everything" - Vint Cerf.

-- 
Check out the LinuxSA web pages at http://www.linuxsa.org.au/
To unsubscribe from the LinuxSA list:
  mail linuxsa-request@linuxsa.org.au with "unsubscribe" as the subject