Rendered at 04:29:21 GMT+0000 (Coordinated Universal Time) with Cloudflare Workers.
sargun 45 minutes ago [-]
I accidentally took down our corporate network multiple times ~20 years ago, because I was setting up virtual networks with Linux machines acting as l2 bridges, and with proxy_arp to on. The DHCP server only checked for an arp reply, and I caused our server to run out of IPs. It had a cache and nobody knew how to clear it, so we just had to wait it out.
DANmode 28 minutes ago [-]
> nobody knew how to clear it
That…ever get resolved?
pixl97 3 hours ago [-]
Oh wow, that's a fun one. It sounds like the network card was in promiscuous mode.
>As promiscuous mode can be used in a malicious way to capture private data in transit on a network, computer security professionals might be interested in detecting network devices that are in promiscuous mode. In promiscuous mode, some software might send responses to frames even though they were addressed to another machine.
deadlyllama 2 hours ago [-]
Whatever it is, it's not that. A ping to a unicast IPv4 address in the local subnet won't be transmitted at the Ethernet layer until the IP has been resolved to an Ethernet MAC address via ARP. The troublesome host must have been responding to the broadcast ARP requests with ARP responses, too. Promiscuous mode makes no difference here as those ARP requests are broadcasts and you'll receive them with or without promiscuous mode.
wjholden 2 hours ago [-]
I did a small research project years ago (like 16 years ago) where I tried to detect hosts in promiscuous mode. The entire effort wasn't super relevant even in 2010 because switched networks had already largely replaced old hubs but it was interesting stuff.
The most interesting thing I remember looking at was a tool called Neped. I can't find the source but it might be here: https://www.apostols.org/projects. As I recall, Neped would do things exactly like this article says — send an ping packet to the right IP address but wrong MAC address and see if it responds. I probably have the details wrong but that's the idea. It was some really clever stuff. I always wonder what old vulnerabilities like this we would rediscover if we put new computers on old networks (especially hubs).
That…ever get resolved?
The wikipedia page even has a bit about this.
https://en.wikipedia.org/wiki/Promiscuous_mode
>As promiscuous mode can be used in a malicious way to capture private data in transit on a network, computer security professionals might be interested in detecting network devices that are in promiscuous mode. In promiscuous mode, some software might send responses to frames even though they were addressed to another machine.
The most interesting thing I remember looking at was a tool called Neped. I can't find the source but it might be here: https://www.apostols.org/projects. As I recall, Neped would do things exactly like this article says — send an ping packet to the right IP address but wrong MAC address and see if it responds. I probably have the details wrong but that's the idea. It was some really clever stuff. I always wonder what old vulnerabilities like this we would rediscover if we put new computers on old networks (especially hubs).