Apple devices spoofing default gateway?
Simon Lockhart
simon at slimey.org
Thu Mar 14 21:40:42 UTC 2019
On Thu Mar 14, 2019 at 04:19:04PM -0500, Jimmy Hess wrote:
> Apple's Bonjour protocols include something called Apple Bonjour Sleep Proxy
> for Wake on Demand --- When a device goes to sleep, the Proxy that runs on
> various Apple devices is supposed to seize all the IP and MAC addresses that
> device had registered, so it can wait for an incoming TCP SYN, (and if one's
> received, then signal the sleeping device to wake up and process the
> connection.)
That's a very interesting observation - when we talk to the users of the
Apple devices, they quite often say that the device was 'asleep' when it
was sending these 'spoofed' ARP responses.
> (Or perhaps they wanted to have a feature to let someone AirPlay from a
> different VLAN than another device?)
Cisco Wireless does claim to have some features to 'help' Bonjour / mDNS
to work better. I wonder if one of those features is misbehaving.
Simon
More information about the NANOG
mailing list