lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <CAO7SqHBn+S74R2smEVbSFPDhManXpOAczwzRg++q8BJHYMsLRw@mail.gmail.com>
Date:	Fri, 20 Dec 2013 14:25:48 -0800
From:	Salam Noureddine <noureddine@...stanetworks.com>
To:	Stephen Hemminger <stephen@...workplumber.org>
Cc:	"David S. Miller" <davem@...emloft.net>,
	Alexey Kuznetsov <kuznet@....inr.ac.ru>,
	James Morris <jmorris@...ei.org>,
	Hideaki YOSHIFUJI <yoshfuji@...ux-ipv6.org>,
	Patrick McHardy <kaber@...sh.net>,
	Hannes Frederic Sowa <hannes@...essinduktion.org>,
	netdev@...r.kernel.org
Subject: Re: [PATCH 1/1] ipv4: arp: Always update neighbour address when a
 gratuitous arp is received

I could make is_garp conditional on ARP_ACCEPT. Would that be a more
acceptable solution?
Otherwise, if some sort of rate limiting is needed we would have to
add an addr_updated field
to the neighbour structure that would save the time when the address
was updated and not just
any update to the neighbour.

Thanks,

Salam

On Fri, Dec 20, 2013 at 2:06 PM, Stephen Hemminger
<stephen@...workplumber.org> wrote:
> On Fri, 20 Dec 2013 10:59:22 -0800
> Salam Noureddine <noureddine@...stanetworks.com> wrote:
>
>> Gratuitous arp packets are useful in switchover scenarios to update
>> client arp tables as quickly as possible. Currently, the mac address
>> of a neighbour is only updated after a locktime period has elapsed
>> since the last update. In most use cases such delays are unacceptable
>> for network admins. Moreover, the "updated" field of the neighbour
>> stucture doesn't record the last time the address of a neighbour
>> changed but records any change that happens to the neighbour. This is
>> clearly a bug since locktime uses that field as meaning "addr_updated".
>> With this observation, I was able to perpetuate a stale address by
>> sending a stream of gratuitous arp packets spaced less than locktime
>> apart.
>>
>> Signed-off-by: Salam Noureddine <noureddine@...stanetworks.com>
>
> Doesn't this make the system more vulnerable to ARP spoofing?
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ