Message-ID: <4638F87C.2090000@hp.com>
Date:	Wed, 02 May 2007 16:45:48 -0400
From:	Vlad Yasevich <vladislav.yasevich@...com>
To:	Chris Friesen <cfriesen@...tel.com>
Cc:	Topher Fischer <javert42@...byu.edu>, netdev@...r.kernel.org
Subject: Re: ARP Spoofing

Chris Friesen wrote:
> Vlad Yasevich wrote:
> 
>> If by arp spoofing you mean receiving arp replies from multiple sources
>> and trusting all of them, then I haven't seen anything.
>>
>> I don't know the history as to why nothing has been done.
> 
> This concept is a valuable tool to allow for fast publishing of IP
> address takeover in redundant-server situations.
> 
> There are ways in which it can be misused, but that doesn't make it an
> invalid technique.
> 

Yes, but when some bozo on the network misconfigures his system and
steals the IP of the default router, all hell breaks loose.

BSD is nice enough to tell you that a duplicate ARP response has been
received and gives you knobs to be able to turn this on and off.

BTW, the same issue came in IPv6, where a malicious user can cause
all sorts of nasty things on the network and the solution for that was SEND
(RFC 3971).  So at least the same problem can be solved in IPv6.

-vlad
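
The distinction drawn in this thread, between a failover announcement and a host that takes over the default router's address, can be checked on the wire by tracking IP-to-MAC bindings. The following is an added example, not part of the original message and not BSD or Linux kernel code; `ArpWatch`, `make_arp`, the pinned-router table and every address in it are assumptions constructed for illustration.

```python
import socket
import struct

ARP_REQUEST, ARP_REPLY = 1, 2

def parse_arp(payload):
    """Return (sender_mac, sender_ip, target_ip) for an Ethernet/IPv4 ARP payload, else None."""
    if len(payload) < 28 or struct.unpack("!HHBB", payload[:6]) != (1, 0x0800, 6, 4):
        return None
    _oper, sha, spa, _tha, tpa = struct.unpack("!H6s4s6s4s", payload[6:28])
    return sha.hex(":"), socket.inet_ntoa(spa), socket.inet_ntoa(tpa)

class ArpWatch:
    """Track IP -> MAC bindings seen in ARP traffic and report changes."""
    def __init__(self, pinned=None):
        self.table = {}                   # bindings learned from traffic
        self.pinned = dict(pinned or {})  # bindings that must never change (assumed operator config)

    def observe(self, payload):
        arp = parse_arp(payload)
        if arp is None or arp[1] == "0.0.0.0":  # ARP probes carry no sender IP
            return None
        mac, ip, target = arp
        if self.pinned.get(ip, mac) != mac:     # pinned address claimed by another MAC: do not learn it
            return f"ALERT {ip} is pinned to {self.pinned[ip]} but {mac} claims it"
        old, self.table[ip] = self.table.get(ip), mac
        if old and old != mac:
            kind = "gratuitous ARP" if target == ip else "ARP"
            return f"WARN {ip} moved from {old} to {mac} ({kind})"
        return None

def make_arp(oper, sha, spa, tpa, tha="00:00:00:00:00:00"):
    """Build a constructed ARP payload for the demo below."""
    raw = lambda m: bytes.fromhex(m.replace(":", ""))
    return (struct.pack("!HHBBH", 1, 0x0800, 6, 4, oper) + raw(sha)
            + socket.inet_aton(spa) + raw(tha) + socket.inet_aton(tpa))

def demo():
    router = "02:00:00:00:00:01"
    watch = ArpWatch(pinned={"192.0.2.1": router})
    frames = [  # constructed traffic, documentation addresses only
        make_arp(ARP_REPLY, router, "192.0.2.1", "192.0.2.50"),                  # router answers
        make_arp(ARP_REPLY, "02:00:00:00:00:0a", "192.0.2.10", "192.0.2.50"),    # server A owns .10
        make_arp(ARP_REQUEST, "02:00:00:00:00:0b", "192.0.2.10", "192.0.2.10"),  # failover to server B
        make_arp(ARP_REPLY, "02:00:00:00:00:66", "192.0.2.1", "192.0.2.50"),     # wrong host, router IP
    ]
    return [watch.observe(f) for f in frames]

if __name__ == "__main__":
    print(*demo(), sep="\n")
```

A takeover of an unpinned service address is only logged, while a conflicting claim on the pinned router address is reported and not learned.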