Is it possible to run a clone of a system in the same network, having the same IP and MAC? We have a Linux-based server and, on testing, we felt as if the connections aren't going to the same server all the time. Therefore we believe that there is a clone of it running in the LAN at night. Is this scenario possible? Can multiple systems have the same IP and MAC? If yes, how can we detect the imposter/clone? Suggest some methods.

(We tested two Linux systems by giving them the same IP and MAC, and the systems still had internet access, but not as smooth as before. But access to these systems from a third computer (ssh etc.) was interrupted. Is it possible that someone had overcome this situation?)

1 Answer

Theoretically, if you need to overcome it, it is possible, but it depends on your network: routers, switches, etc.

If you have a duplicated IP address and your network is routed, you need to see the log of the router edged to the target host. Routers log an error if ARP is changing often. If the client and target are on the same subnet, you can monitor the ARP table on the client computer.

If it is a duplication of the MAC address, you have to see the logs of the switch edged to the target host. In the case of MAC duplication the switch FIB will have a flapping MAC, and this often causes an error in the switch log.

You can also try to catch the duplicate from the server itself, for example by running arping -I eth0 -c 3 192.168.1.1 regularly from crontab and logging the output.

kab00m
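The cron check suggested in the answer above, extended so the logged arping output is also evaluated; this is an added example, not part of the original answer. The function name and sample output are constructed, the parser assumes iputils-style arping output, and treating "more replies than probes" as a sign of a second responder is an assumed heuristic.

```shell
#!/bin/sh
# Added example (not from the answer). Assumes iputils-style arping output.
# Reads arping output on stdin, prints a verdict, returns 1 if suspicious.
check_arping_output() {
    awk '
        BEGIN { replies = 0; nmacs = 0; probes = 0; list = "" }
        /reply from/ {
            replies++
            for (i = 1; i <= NF; i++)
                if ($i ~ /^\[.*\]$/) {
                    mac = tolower(substr($i, 2, length($i) - 2))
                    if (!(mac in seen)) { seen[mac] = 1; nmacs++; list = list " " mac }
                }
        }
        /^Sent [0-9]+ probes/ { probes = $2 + 0 }
        END {
            bad = 0
            # Two different MACs claiming one IP: duplicate IP address.
            if (nmacs > 1) { print "ALERT: " nmacs " MACs answered:" list; bad = 1 }
            # Assumed heuristic: more replies than probes means more than one
            # host answered, even if they present the same MAC.
            if (probes > 0 && replies > probes) {
                print "ALERT: " replies " replies to " probes " probes"; bad = 1
            }
            if (!bad) print "OK: " replies " replies, " nmacs " MAC(s)"
            exit bad
        }'
}

# Constructed sample output (not captured from a real network).
SAMPLE_CLEAN='Unicast reply from 192.168.1.1 [52:54:00:AA:BB:01]  0.71ms
Unicast reply from 192.168.1.1 [52:54:00:AA:BB:01]  0.68ms
Unicast reply from 192.168.1.1 [52:54:00:AA:BB:01]  0.70ms
Sent 3 probes (1 broadcast(s))'
SAMPLE_DUP='Unicast reply from 192.168.1.1 [52:54:00:AA:BB:01]  0.71ms
Unicast reply from 192.168.1.1 [52:54:00:CC:DD:02]  0.93ms
Unicast reply from 192.168.1.1 [52:54:00:AA:BB:01]  0.68ms
Unicast reply from 192.168.1.1 [52:54:00:AA:BB:01]  0.70ms
Sent 3 probes (1 broadcast(s))'

for s in "$SAMPLE_CLEAN" "$SAMPLE_DUP"; do
    printf '%s\n' "$s" | check_arping_output || echo "  -> log and investigate"
done
# Live use from cron (command from the answer):
#   arping -I eth0 -c 3 192.168.1.1 | check_arping_output
```
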