Re: Arp expire/timeout 2.1.132/2.2pre1

Florian Lohoff (flo@rfc822.org)
Sun, 3 Jan 1999 00:32:30 +0100

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: Robert Broughton: "ftape vs. floppies"
Previous message: Damien Miller: "Cannot mount vfat partitions with 2.2.0pre3"
In reply to: Arno Peters: "2.2.0pre3: PPP VJ compression broken"

On Sat, Jan 02, 1999 at 09:02:03AM -0800, David S. Miller wrote:
> Date: Sat, 2 Jan 1999 17:32:19 +0100
> From: Florian Lohoff <flo@rfc822.org>
>
> Wouldnt this work when:
> - Restart neighbour entry expiry time on receive of an packet which matches
> the correct IP/MAC address pair ?
>
> This makes ARP spoofing really easy and thus allows easy denial of
> service attacks.

Maybe i am blind but i cant see that point ? If an entry in the
Arp cache does NOT exist we dont accept it by this behaviour.
So where is the possibility of arp spoofing here ?

Only if An Arp Cache Entry exists, and the packet matches the Entry
coming in matches correcty we restart the timer.

Only problem i might see is a performance loss as for every packet
we have to search the Arp table ... Ok - forget it - just a silly thought.

Flo

-- Florian Lohoff flo@rfc822.org +49-5241-470566 Good, Fast, Cheap: Pick any two (you can't have all three). (RFC 1925)

- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.rutgers.edu Please read the FAQ at http://www.tux.org/lkml/

Next message: Robert Broughton: "ftape vs. floppies"
Previous message: Damien Miller: "Cannot mount vfat partitions with 2.2.0pre3"
In reply to: Arno Peters: "2.2.0pre3: PPP VJ compression broken"