| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20070502171619.020a4def@freekitty> Date: Wed, 2 May 2007 17:16:19 -0700 From: Stephen Hemminger <shemminger@...ux-foundation.org> To: Topher Fischer <javert42@...byu.edu> Cc: Chris Friesen <cfriesen@...tel.com>, netdev@...r.kernel.org Subject: Re: ARP Spoofing On Wed, 02 May 2007 17:45:05 -0600 Topher Fischer <javert42@...byu.edu> wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Chris Friesen wrote: > > Vlad Yasevich wrote: > > > >> If by arp spoofing you mean receiving arp replies from multiple > >> sources and > >> trusting all of them, then I haven't seen anything. > >> > >> I don't know the history as to why nothing has has been done. > > > > This concept is a valuable tool to allow for fast publishing of IP > > address takeover in redundant-server situations. > > > > There are ways in which it can be misused, but that doesn't make it an > > invalid technique. > > I don't think it would be too difficult to preserve this kind of > functionality while improving security. Is this really the only reason > why nothing has been done to protect machines from ARP spoofing? > Surely, you can do what you want with netfilter/arptables. -- Stephen Hemminger <shemminger@...ux-foundation.org> - To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists