Date:      Wed, 19 Aug 1998 15:42:47 +0100
From:      "Edwin Woudt" <edwin-ml@woudt.nl>
To:        Edwin Woudt <edwin-ml@woudt.nl>, Peter Hawkins <thepish@FreeBSD.ORG>
Cc:        freebsd-security@FreeBSD.ORG, freebsd-bugs@FreeBSD.ORG
Subject:   Re: Gateway/firewall denial of service
Message-ID:  <E0z98Sg-0001u7-00@cal007109.student.utwente.nl>
In-Reply-To: <Pine.BSF.3.96.980819223752.5598L-100000@dana.clari.net.au>
References:  <E0z8wbJ-0001Gf-00@cal007109.student.utwente.nl>

> In general, when duplicate IPs are assigned on a segment, the router
> will commence routing to the new MAC address after it is ARPed which
> is precisely what FreeBSD did for you. Locking an address doesn't really
> constitute a solution as the router cannot determine which of the two
> machines has the correct mac address - one could deny service permanently
> by booting first. Flipping the mac address is correct as the most common
> cause of a mac address change is quite innocuous - a machine has been
> shut down for an ethernet card swap and rebooted. Locking an address to
> a mac address would make it very difficult to change ethernet cards in
> machines.

Those duplicate IPs are not on the same segment. My local computer 
is on my local segment (192.168.0.0/16). This segment is connected to 
network card 'ep1'. The problem is that it accepts new MAC addresses 
for this segment on the other interface: 'ep0'.

Though it changes the MAC address, it doesn't change the interface in 
the routing table. So after this happens it tries to contact my 
local machine via ep1, but the MAC address in its routing table is 
from a network card on ep0 (the campus network).

Edwin Woudt


=====================================================================
 Edwin Woudt     ("`-''-/").___..--''"`-._          Calslaan 7-109
                  `6_ 6  )   `-.  (     ).`-.__.`)  7522 MH Enschede
 edwin@woudt.nl   (_Y_.)'  ._   )  `._ `. ``-..-'   The Netherlands
                _..`--'_..-_/  /--'_.' ,'
 ICQ: 1156462  (il),-''  (li),'  ((!.-'             +31 53 489 5010
=====================================================================
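
The check the message above implies, as an added example that is not part of the original e-mail and is not FreeBSD's code: an ARP-learned MAC is accepted only when the packet arrives on the interface whose attached network contains the sender's IP. The ep0 prefix, the host 192.168.0.2, the MAC values and the `arp_entry` layout are constructed assumptions.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

#define IP(a,b,c,d) (((uint32_t)(a)<<24)|((uint32_t)(b)<<16)|((uint32_t)(c)<<8)|(uint32_t)(d))

/* Constructed model of the two-homed gateway from the message. */
struct iface { const char *name; uint32_t net, mask; };
static const struct iface ifaces[] = {
    { "ep0", IP(10,0,0,0),    IP(255,0,0,0)   }, /* campus side: placeholder prefix */
    { "ep1", IP(192,168,0,0), IP(255,255,0,0) }, /* local segment, as in the message */
};

/* Simplified one-slot ARP cache entry (hypothetical layout). */
struct arp_entry { uint32_t ip; uint8_t mac[6]; const struct iface *ifp; int valid; };

/* Interface whose directly connected network contains ip, or NULL. */
static const struct iface *iface_for(uint32_t ip)
{
    for (size_t i = 0; i < sizeof ifaces / sizeof ifaces[0]; i++)
        if ((ip & ifaces[i].mask) == ifaces[i].net)
            return &ifaces[i];
    return NULL;
}

/* Learn sender_ip -> mac from an ARP packet received on recv_if.
 * Returns 1 if the entry was written, 0 if the packet was ignored. */
int arp_learn(struct arp_entry *e, uint32_t sender_ip,
              const uint8_t mac[6], const char *recv_if)
{
    const struct iface *owner = iface_for(sender_ip);
    /* Ignore claims for an address that does not belong to the network
     * attached to the receiving interface (e.g. 192.168.x.x seen on ep0). */
    if (owner == NULL || strcmp(owner->name, recv_if) != 0)
        return 0;
    e->ip = sender_ip;
    memcpy(e->mac, mac, 6);
    e->ifp = owner;
    e->valid = 1;
    return 1;
}

int main(void)
{
    const uint8_t a[6] = {2,0,0,0,0,1}, b[6] = {2,0,0,0,0,2}; /* constructed MACs */
    struct arp_entry e = {0};
    arp_learn(&e, IP(192,168,0,2), a, "ep1");        /* legitimate host on ep1 */
    return arp_learn(&e, IP(192,168,0,2), b, "ep0"); /* same IP claimed on ep0 */
}
```

A MAC change seen on ep1 itself, such as the Ethernet card swap mentioned in the quoted text, is still accepted by this check.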
