Rapid DHCP: Or, how do Macs get on the network so fast?

(cafbit.com)

354 points timdoug | 3 comments | 7/12/2011, 5:04:00 PM | HN request time: 0.617s | source

Show context

hardtke ◴[7/12/2011, 5:21:00 PM] No.2755522[source]▶

I've sat in many a meeting where the Macs "steal" all of the DHCP connections and I'm stuck watching the speaker instead of following TweetDeck.

replies(2): >>2755597 #>>2756354 #

knowtheory ◴[7/12/2011, 5:35:00 PM] No.2755597[source]▶

>>2755522 #

I've had my wife's macbook bump mine off the network by stealing the IP my machine is using. Definitely an inconvenience when on skype.

replies(3): >>2755631 #>>2755644 #>>2756414 #

1. ◴[7/12/2011, 5:42:00 PM] No.2755631[source]▶

>>2755597 #

replies(1): >>2755692 #

2. daniel_solano ◴[7/12/2011, 5:55:00 PM] No.2755692[source]▶

>>2755631 (TP) #

I am not a networking expert, and I haven't looked into this in any greater detail than what was in the article. However, it is possible that the Mac doesn't wait long enough to see if an address is already in use before using it. As such, it may end up essentially being an ARP cache poisoning attack.

How this works out in the end may depend on the DHCP server in use. Perhaps the server may discover the broken ARP resolution and invalidate the lease, allowing the Mac to jump in and steal the address while the other device is still trying to figure out what happened.

replies(1): >>2755781 #

3. riblack3 ◴[7/12/2011, 6:16:00 PM] No.2755781[source]▶

>>2755692 #

On some access points you can disable client to client traffic as a security precaution. If such traffic was disabled, it would probably break the ARP request to see if someone is currently using the IP. (@ 00.0180 seconds in the original article)

↑