[unisog] Mac OS X 10.6 workstation stole the IP address of another device, Apple Time Capsules too

Irwin Tillman irwin at princeton.edu
Mon Sep 14 14:38:32 GMT 2009


An update:

I'm seeing the problem spread on our campus as both Mac OS X 10.6 has begun
appearing and our dormitories have opened.

All the victims to-date have been Mac OS X workstations.

The devices that have stolen IP addresses in this way are:

  Apple Time Capsule:                         5
  Apple AirPort Express:                      1  (incident confirmed, but nature of the device not yet confirmed)
  Mac OS X 10.6 workstation:                  1
  Mac OS X (version unspecified) workstation: 1  (incident confirmed, but nature of the device not yet confirmed)

I speculate this is the due to the "Bonjour Sleep Proxy Server", but stress
that this remains only speculation.  And Bonjour Sleep Proxy Server isn't even supposed
to be present in Mac OS X 10.6, yet we have one confirmed case (and one more we are
still trying to confirm) where that's what the thief was running.

Irwin Tillman
OIT Network Systems / Princeton University



More information about the unisog mailing list