RE: mac duplication
From: Michael Wojcik (Michael.Wojcik_at_microfocus.com)
Date: 12/15/03
- Maybe in reply to: Dev: "mac duplication"
To: vuln-dev@securityfocus.com
Date: Mon, 15 Dec 2003 11:46:38 -0800
Burton M. Strauss III [mailto:BStrauss@acm.org] wrote:
> That's also not to say you can't spoof the address, but even
> then, if you override it, you're SUPPOSED to set the LLA bit
> (i.e. a LLA address is xxxxxx1x:....).
I believe that's LAA - Locally-Administered Address. The OEM-assigned MAC
address is a UAA, or Universally-Administered Address.
Glenn_Everhart@bankone.com wrote:
> There exist networks that do not use ARP and require MAC
> addresses to be adjusted to fit the network address scheme.
> Their existence (and the fact they preceded IP) is a reason
> why essentially all ethernet interfaces can reset their MAC
> addresses programmatically.
Yup. Pre-APPN SNA is an example; nodes (PUs) were usually addressed
directly by MAC address by the sender. Of course it was possible to get the
destination's UAA and configure that in the sender's tables, but that was
cumbersome, required the destination be up and running before completing
comms configuration, and made replacing a NIC (or entire box) difficult.
LAAs were much easier to deal with.
For SNA, LAAs were probably more commonly seen on Token Ring NICs, since TR
was a more popular choice for SNA shops (as I remember), but I set some
Ethernet ones too in my day. (Ethernet was a pain because some SNA
implementations, but not all, bit-swapped the MAC address.)
I suppose another possible use for LAAs is with certain types of failover
schemes for high-availability servers. When one server system fails,
another can come online with the same LAA MAC address and pick up where the
failing one left off. In principle, anyway; I had a vague idea that IBM's
HA/CMP did that, but I just checked Lynn Wheeler's site and he indicates
that HA/CMP backup servers took over just the IP address, and had to force
some noncompliant stacks to pick up the new MAC address. (Apparently the
Reno stack had a second, "hidden" 1-item ARP cache that was used as long as
the current outbound packet had the same destination IP address as the
previous one.)
-- Michael Wojcik Principal Software Systems Developer, Micro Focus
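An added example, not part of the original message: a small audit of a neighbor (ARP) table that flags locally-administered addresses by the bit pattern quoted above (xxxxxx1x in the first octet), reports a MAC seen behind more than one IP, and shows the per-octet bit swap mentioned for some SNA implementations. The function names and the sample table are constructed for illustration.

```python
import re
from collections import defaultdict

def parse_mac(text):
    """Parse a 48-bit MAC written with ':', '-' or '.' separators into 6 bytes."""
    digits = re.sub(r"[:.\-]", "", text.strip())
    if not re.fullmatch(r"[0-9A-Fa-f]{12}", digits):
        raise ValueError(f"not a 48-bit MAC address: {text!r}")
    return bytes.fromhex(digits)

def is_laa(mac):
    """True if the U/L bit (0x02 of the first octet, canonical order) is set."""
    return bool(mac[0] & 0x02)

def bit_swap(mac):
    """Reverse the bits of each octet: canonical <-> bit-swapped (Token Ring style)."""
    return bytes(int(f"{b:08b}"[::-1], 2) for b in mac)

def fmt(mac):
    return ":".join(f"{b:02x}" for b in mac)

def audit(neighbors):
    """neighbors: iterable of (ip, mac_text). Returns (unicast LAAs, MACs on >1 IP)."""
    by_mac = defaultdict(list)
    for ip, text in neighbors:
        by_mac[parse_mac(text)].append(ip)
    laa = sorted(fmt(m) for m in by_mac if is_laa(m) and not m[0] & 0x01)
    dups = {fmt(m): sorted(ips) for m, ips in by_mac.items() if len(ips) > 1}
    return laa, dups

# Constructed sample neighbor table (documentation IPs, made-up MACs).
SAMPLE = [
    ("192.0.2.10", "00:11:22:33:44:55"),   # UAA
    ("192.0.2.11", "02-00-00-00-00-01"),   # LAA
    ("192.0.2.12", "0200.0000.0001"),      # same LAA, different notation and IP
    ("192.0.2.13", "00:11:22:33:44:66"),   # UAA
]

if __name__ == "__main__":
    laa, dups = audit(SAMPLE)
    print("locally administered:", laa)
    print("seen on several IPs: ", dups)
    print("bit-swapped form of", laa[0], "is", fmt(bit_swap(parse_mac(laa[0]))))
```

A MAC that answers for several IPs is not always a fault (a multi-homed host or a failover pair, as discussed above), so the output is a list to review rather than a verdict.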