PC using broadcast address

katun

Apr 24, 2014
I discovered an unknown device (maybe a PC) which uses the broadcast IP address (x.x.x.255).
When I scanned the LAN with the full range from 0 to 255, a device appeared with some ports open.
The device has the same MAC address as one of the printers and is using a similar name (the printer name with an extra blank character added at the end), but the open ports are different from those the printer is configured to have open!
Could it be a hacker in my network, or is it an error in the network switch configuration?
Or maybe I have some wrong settings on the printer, which create a ghost device with the broadcast address?

Any documented suggestion is welcome!
 
Solution
The broadcast address is a very strange thing to mess with. All machines accept data sent to it. Although it is often disabled, if you can ping the broadcast address you will get responses from many different machines, but not all respond; it depends on the OS whether they do or not. If they respond, in most cases they use their real IP address.

I would bet it is a bug in the printer OS.
 
Thanks for the answer!
But can the printer, because of an error, use a non-identical name, with an extra character at the end?

What happens if a hacker uses the printer name and MAC address, and also configures his machine with the broadcast address as a static IP?
Is it possible to use this configuration to get access to my LAN?

Maybe he is trying to cover his activity under the name of the printer!
My LAN uses a layer 2 switch, which manages the network traffic by MAC address and not by IP.
Is this relevant in any way?
Can the switch be tricked into sending traffic destined for the printer, and also duplicating it for the ghost MAC address?
So, in this way, the hacker's machine gets a copy of all the printed documents!?
 
It is pretty easy to test if it is the printer. Turn it off and see if both go away.

Pretty much the only thing you see being sent to the broadcast address is something like an ARP packet. The broadcast address is not a machine, it is ALL machines, so it is not really possible for a machine to use it. It is used as a destination IP. Any traffic sourced with the broadcast address will be ignored. Even if someone did take the address, it could not be used to originate any data, so no session-based traffic could occur. No actual data is sent to the broadcast address.
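
One way to triage the kind of scan result discussed in this thread, as an added example that is not code from any of the posters: it flags scan rows that sit on the subnet's network or broadcast address and names the real host that shares their MAC and (whitespace-trimmed) name. The addresses, MACs, hostnames and the `triage` function are constructed for illustration.

```python
import ipaddress
from collections import defaultdict

# Constructed scan results (ip, mac, hostname); not data from the thread.
SCAN = [
    ("192.168.1.10", "00:11:22:33:44:55", "PRN-OFFICE"),
    ("192.168.1.20", "66:77:88:99:aa:bb", "PC-ALICE"),
    ("192.168.1.255", "00:11:22:33:44:55", "PRN-OFFICE "),  # trailing blank
    ("192.168.1.30", "cc:dd:ee:ff:00:11", "PC-BOB"),
]


def triage(scan, cidr):
    """Return findings for rows on a non-host address (network or
    broadcast) and list the real hosts that share the same MAC."""
    net = ipaddress.ip_network(cidr)
    reserved = {net.network_address: "network",
                net.broadcast_address: "broadcast"}

    # Index every row by MAC so aliases of one NIC can be matched up.
    by_mac = defaultdict(list)
    for ip, mac, name in scan:
        by_mac[mac.lower()].append((ipaddress.ip_address(ip), name))

    findings = []
    for ip, mac, name in scan:
        addr = ipaddress.ip_address(ip)
        if addr not in reserved:
            continue
        # Rows with the same MAC that sit on an ordinary host address.
        twins = [(a, n) for a, n in by_mac[mac.lower()] if a not in reserved]
        findings.append({
            "ip": ip,
            "kind": reserved[addr],
            "mac": mac.lower(),
            "same_mac_hosts": [str(a) for a, _ in twins],
            # Names compared after trimming whitespace and folding case.
            "name_matches_twin": any(
                n.strip().lower() == name.strip().lower() for _, n in twins),
            "name_has_padding": name != name.strip(),
        })
    return findings


if __name__ == "__main__":
    for finding in triage(SCAN, "192.168.1.0/24"):
        print(finding)
```

Whether x.x.x.255 is the broadcast address depends on the subnet mask, so pass the LAN's real prefix: with a /22 the same address is an ordinary host address and nothing is flagged.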