lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  PHC 
Open Source and information security mailing list archives
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Date:	Tue, 28 Nov 2006 11:37:22 -0800
From:	"Tim Wright" <>
To:	<>
Cc:	"Tim Wright" <>
Subject: Arp undo issue in all 2.4 and 2.6 kernel releases

Hi folks,
I have been tracking down a strange problem, and have a simple
"reproduce-by" and was looking for opinions from those better-versed in
the kernel networking code. Basically, it is possible to get a system
into a state where it responds to ARP requests even though no interface
has the address requested. Here is a simple reproduce-by:

Select an address in the same subnet as eth0
# ifconfig eth0:5 W.X.Y.Z netmask ... up
This works. Machine now responds to arp requests for W.X.Y.Z.
# ifconfig eth0:6 W.X.Y.Z netmask ... up
This fails as it should. But, the damage is done.
# ifconfig
You will only see eth0 and eth0:5. There is no eth0:6 interface. Good.
# ifconfig eth0:5 down
Now we are supposedly back to the original state. BUT the machine will
still respond to ARP requests for W.X.Y.Z

The easiest way to get out of this is to bring up eth0:5 again, and
bring it down again. However, this looks to me like the undo code when a
clashing address is found fails to clean up the arp side of things
correctly. Any clues here?

I am not on the netdev mailing list and will track responses on the
mailing list archives.

Thanks very much,

Tim Wright
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to
More majordomo info at

Powered by blists - more mailing lists