I know it sounds crazy but it was proposed at DefCon by that classic Dan Kaminsky who theorized on what he called the pizza protocol. Meaning, if you live in a house with others and someone orders a pizza, no matter who ordered it, someone will accept the pizza traffic.

Anyhow, here’s how it works:

  1. Configure a few systems with the same IP Addresses.
  2. TCP SYN goes out to a remote system that responds.
  3. Return IP Traffic returns into your network and since all systems are running the same IP Address, they all receive the packets.
  4. The one with the entry in the TCP state table will gladly accept the traffic while the others will drop the traffic. (Hopefully.)
  5. May need to manage how systems manage ARP Table conflicts. Obviously systems will notice the IP Conflict and complain but those can be suppressed with static ARP entries or sysctl variable tweak on *Nix operating systems.
  6. Setup Wireshark on the systems and watch the traffic come and go.

Few things to keep in mind
– When one station ‘sees’ another using their IP Address, they’ll complain.
– The workaround is to configure static ARP Entries on each station to disable ARP Defense packets.
– You can also disable the notifications or block them with a firewall config.