Re: Win XP IP address hijack?

[Jarek Durak <jdk () tempus metal agh edu pl>]

Curt Wilson wrote:
> I was doing some experimentation in my home lab
> recently and came across something I thought was
> interesting. I would enjoy any comments on this
> potential issue, which may be known already but is a
> new one for me.
>
> I was running a desktop with Win XP pro using a
> static IP address. I booted up a laptop running Win98
> with a duplicate IP address; the duplicate IP address
> message appeared on the 98 box and the 98
> interface was disabled. XP connectivitiy worked as
> normal. (this is standard operation so far). I shut
> down the win98 box.
>
> Next, I booted a RedHat 7.0 system using the same
> static IP address. XP lost it's IP, showing 0.0.0.0, did
> not display any message about this, and the Linux
> box hummed away happily, receiving connections
> destined for that IP. Perhaps the RH system
> implements it's ARP/duplicate IP address check in a
> different manner that is not recognized by XP, at least
> in this particular instance.
>
> I did not test this with any other version of windows
> but, having never tried this particular scenario, I  was
> wondering if this is normal operation? If this is of any
> interest I'll grab a sniff of the traffic.

You have a switch in your network. I got 10 linux boxes running kernel 
2.4.12 with the same IP (clons). All of them was able to ping my router
with 80-95% packet lost
J