Rapid DHCP: Or, how do Macs get on the network so fast?

(cafbit.com)

354 points timdoug | 2 comments | 12 Jul 11 17:04 UTC | HN request time: 0.001s | source

Show context

hardtke ◴[12 Jul 11 17:21 UTC] No.2755522[source]▶

I've sat in many a meeting where the Macs "steal" all of the DHCP connections and I'm stuck watching the speaker instead of following TweetDeck.

replies(2): >>2755597 #>>2756354 #

knowtheory ◴[12 Jul 11 17:35 UTC] No.2755597[source]▶

>>2755522 #

I've had my wife's macbook bump mine off the network by stealing the IP my machine is using. Definitely an inconvenience when on skype.

replies(3): >>2755631 #>>2755644 #>>2756414 #

◴[12 Jul 11 17:42 UTC] No.2755631[source]▶

>>2755597 #

1. daniel_solano ◴[12 Jul 11 17:55 UTC] No.2755692[source]▶

>>2755631 #

I am not a networking expert, and I haven't looked into this in any greater detail than what was in the article. However, it is possible that the Mac doesn't wait long enough to see if an address is already in use before using it. As such, it may end up essentially being an ARP cache poisoning attack.

How this works out in the end may depend on the DHCP server in use. Perhaps the server may discover the broken ARP resolution and invalidate the lease, allowing the Mac to jump in and steal the address while the other device is still trying to figure out what happened.

replies(1): >>2755781 #

2. riblack3 ◴[12 Jul 11 18:16 UTC] No.2755781[source]▶

>>2755692 (TP) #

On some access points you can disable client to client traffic as a security precaution. If such traffic was disabled, it would probably break the ARP request to see if someone is currently using the IP. (@ 00.0180 seconds in the original article)

↑