From owner-freebsd-security Wed Aug 19 05:48:43 1998
Return-Path:
Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id FAA04192 for freebsd-security-outgoing; Wed, 19 Aug 1998 05:48:43 -0700 (PDT) (envelope-from owner-freebsd-security@FreeBSD.ORG)
Received: from dana.clari.net.au (dana.clari.net.au [203.27.85.21]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id FAA04176; Wed, 19 Aug 1998 05:48:37 -0700 (PDT) (envelope-from thepish@freebsd.org)
Received: from localhost (thepish@localhost) by dana.clari.net.au (8.8.8/8.8.7) with SMTP id WAA15806; Wed, 19 Aug 1998 22:47:26 +1000 (EST) (envelope-from thepish@freebsd.org)
X-Authentication-Warning: dana.clari.net.au: thepish owned process doing -bs
Date: Wed, 19 Aug 1998 22:47:25 +1000 (EST)
From: Peter Hawkins
X-Sender: thepish@dana.clari.net.au
To: Edwin Woudt
cc: freebsd-security@FreeBSD.ORG, freebsd-bugs@FreeBSD.ORG
Subject: Re: Gateway/firewall denial of service
In-Reply-To:
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

In general, when duplicate IPs are assigned on a segment, the router will commence routing to the new MAC address after it is ARPed which is precisely what FreeBSD did for you.

Locking an address doesn't really constitute a solution as the router cannot determine which of the two machines has the correct mac address - one could deny service permanently by booting first. Flipping the mac address is correct as the most common cause of a mac address change is quite innocuous - a machine has been shut down for an ethernet card swap and rebooted. Locking an address to a mac address would make it very difficult to change ethernet cards in machines.

Basically, the behaviour you saw is correct.

Peter

Hilink Internet
Peter Hawkins
381 Swan St Richmond, Vic, Australia
Ph: +61-3-9421 2006 Fax: +61-3-9421 2007
http://www.hilink.com.au Peter@hilink.com.au
FreeBSD Project: thepish@FreeBSD.org
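
Added example, not part of the original message: since the reply argues that the router must follow a MAC change, a monitoring host can instead tell the innocuous case (one move, as after a card swap) from two live hosts fighting over one IP (the binding flips back). The observation format, the `classify` helper, its thresholds and all addresses are assumptions constructed for illustration.

```python
from collections import defaultdict

# Constructed sample observations: (time in seconds, IP, MAC), as might be
# collected from ARP replies seen on the segment. All values are made up.
OBSERVATIONS = [
    (0,   "192.0.2.1",  "00:00:5e:00:53:01"),
    (10,  "192.0.2.10", "00:00:5e:00:53:0a"),
    (60,  "192.0.2.1",  "00:00:5e:00:53:01"),
    (500, "192.0.2.10", "00:00:5e:00:53:0b"),  # card swapped, new MAC stays
    (560, "192.0.2.10", "00:00:5e:00:53:0b"),
    (600, "192.0.2.20", "00:00:5e:00:53:14"),
    (605, "192.0.2.20", "00:00:5e:00:53:15"),  # second host claims the IP
    (610, "192.0.2.20", "00:00:5e:00:53:14"),  # first host answers again
    (615, "192.0.2.20", "00:00:5e:00:53:15"),
]

def classify(observations, window=300, flap_threshold=2):
    """Return {ip: 'stable' | 'changed' | 'conflict'}.

    'changed'  : the MAC moved and did not return (consistent with a NIC swap).
    'conflict' : an earlier MAC came back, or the binding moved at least
                 flap_threshold times within `window` seconds (consistent
                 with two live hosts claiming the same IP).
    """
    current = {}               # ip -> MAC currently bound
    seen = defaultdict(set)    # ip -> every MAC ever bound to it
    moves = defaultdict(list)  # ip -> timestamps of binding changes
    verdict = {}
    for ts, ip, mac in sorted(observations):
        if ip not in current:
            current[ip] = mac
            seen[ip].add(mac)
            verdict[ip] = "stable"
            continue
        if mac == current[ip]:
            continue
        moves[ip].append(ts)
        recent = [t for t in moves[ip] if ts - t <= window]
        if mac in seen[ip] or len(recent) >= flap_threshold:
            verdict[ip] = "conflict"   # sticky: never downgraded afterwards
        elif verdict[ip] != "conflict":
            verdict[ip] = "changed"
        seen[ip].add(mac)
        current[ip] = mac
    return verdict

if __name__ == "__main__":
    for ip, state in sorted(classify(OBSERVATIONS).items()):
        print(ip, state)
```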