On 25/06/2019 15.34, Dave Howorth wrote:
On Mon, 24 Jun 2019 18:44:58 +0200 "Carlos E. R." <> wrote:
...
So that should stop things phoning home.
I think so, unless they use some "clever" trick I can't think about.
For instance, an evil someone could listen to the traffic, see an IP that is authorized to get out, and when that IP is not running, pose as it.
I don't know what happens if a device tries to spoof an IP address. I'll ask them if I can't find an answer in the docs.
Them who? :-?

In the scenario I related, as the "bad thing" uses that IP when it sees the machine that owns it is off the LAN, it would probably achieve its goal. You would not be able to stop it. It might spoof both the IP and the MAC. Perhaps by using a proxy and some authorization method.

Of course, when the correct machine goes back on the LAN there would be problems. The router would see the collision. But so might the rogue device, which would then go back to the correct MAC/IP to avoid corrective action.

Detecting the collision when an isolating switch is used might not be possible by the clients, because they don't see the full traffic, only their own. On WiFi things may be different, I'm unsure.

And of course, the router might try to tell the clients that there is a collision (how, I do not know for sure), or it might close the port (the cable) connected to one of the two or both.

If the router knows the rogue machine is on DHCP, it would try to assign another IP. You would see nothing, only that when the good machine connects again DHCP would simply give it another address. The problem would be if the bad machine also spoofs the MAC.

But I'm not a "bad hacker", this is not my stuff ;-)

--
Cheers / Saludos,

Carlos E. R.
(from 15.0 x86_64 at Telcontar)
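An added example, not part of the original message and not code from any router firmware: a Python model of how a device that sees every port (the router or a managed switch) could flag the takeover described above from its own sightings. The observation format, port numbers, MACs and addresses are constructed assumptions.

```python
from collections import namedtuple

# One sighting of a host by the router/switch: time, physical port, MAC, IP.
Obs = namedtuple("Obs", "ts port mac ip")

OWNER_MAC = "02:00:00:00:00:aa"   # constructed, locally administered MACs
ROGUE_MAC = "02:00:00:00:00:cc"

# Constructed sample: the rogue borrows the owner's IP while the owner is
# off the LAN, the owner returns, then the rogue copies the MAC as well.
SAMPLE = [
    Obs(100, 1, OWNER_MAC, "192.0.2.10"),   # owner on port 1
    Obs(200, 3, ROGUE_MAC, "192.0.2.20"),   # rogue under its own identity
    Obs(900, 3, ROGUE_MAC, "192.0.2.10"),   # rogue takes the idle IP
    Obs(1500, 1, OWNER_MAC, "192.0.2.10"),  # owner comes back: collision
    Obs(2000, 3, OWNER_MAC, "192.0.2.10"),  # rogue spoofs IP and MAC
]

def find_spoofing(observations):
    """Return alerts for IP and MAC+IP takeovers seen from the router's side.

    Assumed model: per IP, remember the last (mac, port) that used it.
    A changed MAC is an IP takeover. The same MAC arriving on a different
    port is a MAC+IP takeover, or a cable that was legitimately moved.
    """
    last = {}      # ip -> (mac, port)
    alerts = []
    for o in sorted(observations, key=lambda o: o.ts):
        prev = last.get(o.ip)
        if prev is not None:
            mac, port = prev
            if o.mac != mac:
                alerts.append((o.ts, "ip-claimed-by-new-mac", o.ip, mac, o.mac))
            elif o.port != port:
                alerts.append((o.ts, "mac-ip-moved-port", o.ip, port, o.port))
        last[o.ip] = (o.mac, o.port)
    return alerts

if __name__ == "__main__":
    for alert in find_spoofing(SAMPLE):
        print(alert)
```

A client behind an isolating switch has no access to the port column, which is why this check only works from the router's or switch's vantage point.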