Can devices steal MAC allocated IP addresses?

Question

Scenario: You have a normal household network, provided by a standard router. The network is called 'netz'. There is no password on the netz network. On the router you've set a static IP address (192.168.1.20) to the Mac Address XYN:123.

Now a new device (XXX:999), attempts to join netz. However it has set in its network card to always use address 192.168.1.20

What will happen?

According to my colleague this will result in errors and stealing IP packets from each other. But is that really true?

It seems to be more logical to me when the IP is allocated to XYN::123 it should reject the attempt by XXX:999 to join the network.

Answer 1

On the router I set a static IP 192.168.1.20 to Mac Addresse XYN:123

No you didn't, you created a DHCP reservation - these are different, though the outcome is the same. You will have an IP conflict that will result in degraded connectivity for one or both computers. Your colleague is roughly correct, though I have no idea what he means by "stealing packages."

Answer 2

On the router I set a static IP 192.168.1.20 to Mac Addresse XYN:123
Now a new device XXX:999, sets in its network card to always use addresse 192.168.1.20

I'm not sure about this naming schematic as it looks like more of a hostname:port combo than a mac address.

Let's pretend that:

1. on the DHCP Server you set a static reservation for xx:xx:xx:xx:xx:xx to 192.168.1.20
2. This device connects to the network and properly goes through DHCP channels
3. A new device with the mac address yy:yy:yy:yy:yy:yy connects to the network and attempts to use a locally configured static IP address 192.168.1.20

Anecdotally: My Oracle Linux servers (SEE: Red Hat based) check to see if the address is in use on the network before fully bringing the NIC up. Windows Machines will attempt to bring the NIC up, detect the conflict and report warnings about an ip address conflict

Ultimately: The behavior is undefined and different operating systems will employ different procedures to rectify / ignore the issue. If two device are brought up on the network with the same ip address, all nodes on the subnet will have an arp entry mapping the IP to one of the two MAC ADDRESSES. Since there are conflicting IPs, this mapping may be different on each node. For technical discussion see the following: Entry on ARP Spoofing

In an enterprise network it may be wise to have hardware / software that attempts to detect and block such attempts.

Executive Conclusion: If two nodes are brought up successfully on the same subnet with the same IP address, there will be connectivity issues for at least one and probably both nodes. These issues can chain outwards to affect the entire network if either node is hosting critical services.

Answer 3

If your device XYN:123 gets on first, the router will assign it the reserved IP 192.168.1.20, and that will work fine. When XXX:999 connects, it won't ask the router for an IP address and just listen for packets to 192.168.1.20. This will result in a conflict, and it could cause bad performance/lost packets.

If XXX:999 connects first, XXX:999 will assume that it has that address and use it without asking the router. The router will (hopefully be smart enough to) see that a device is using that address is in use and assign XYN:123 a different address even though it had tried to reserve 192.168.1.20 for XYN:123.