In computer networking, a frame is a data transmission or data packet that includes a sequence of bits that identify the beginning and the end of the packet in a stream of bits. Generally, a network is designed to not “loop back” frames to the originating system, or in other words, to forward frames back over a network connection to a network-attached device that initially transmitted the frames. However, there are cases in which the network may unknowingly do so, and the network-attached device should determine if such a received frame was one which was self-originated, or originated elsewhere.
Furthermore, determining the origination status (e.g., self-originated, or originated by another device) of a frame may be a non-trivial task. For example, one situation where looped-back frames are problematic includes a server with multiple bonded network adapters connecting the server to the network. A packet or frame may be sent out over one network adapter and received by the server at a second network adapter. Another example includes a malicious attempt to penetrate a network using Address Resolution Protocol (ARP) spoofing. ARP spoofing is a technique whereby an attacker sends fake (“spoofed”) ARP messages onto a Local Area Network. Generally, the aim is to associate the attacker's MAC address with the IP address of another host (such as the default gateway), causing any traffic meant for that IP address to be sent to the attacker instead.
ARP spoofing may allow an attacker to intercept data frames on a LAN, modify the traffic, or stop the traffic altogether. Often the attack is used as an opening for other attacks, such as denial of service, man in the middle, or session hijacking attacks. Identifying frames that are self-originated in these situations is difficult, particularly in these cases where the frame is intended to determine inappropriate address reuse on a network. In these situations, separating looped-back frames from legitimately independent frames from systems competing for the same network address is ambiguous at best and can lead to significant network failures such as lost packets, network collisions, etc.