Date:      Mon, 27 Apr 1998 19:18:39 +0300
From:      Alexander Matey <lx@hosix.ntu-kpi.kiev.ua>
To:        "David E. Cross" <dec@phoenix.its.rpi.edu>
Cc:        Eivind Eklund <eivind@yes.no>, Julian Elisher <julian@whistle.com>, freebsd-hackers@FreeBSD.ORG
Subject:   Re: Static ARP (IFF_NOARP usage in ethernet interfaces)
Message-ID:  <19980427191839.32584@hosix.ntu-kpi.kiev.ua>
In-Reply-To: <Pine.BSF.3.96.980427103932.27742A-100000@phoenix.its.rpi.edu>; from David E. Cross on Mon, Apr 27, 1998 at 10:41:45AM -0400
References:  <19980427150520.39431@hosix.ntu-kpi.kiev.ua> <Pine.BSF.3.96.980427103932.27742A-100000@phoenix.its.rpi.edu>

On Mon, Apr 27, 1998 at 10:41:45AM -0400, David E. Cross wrote:

> > > > I see no technical reason against this but
> > > > I'm curious why one would want to do this.. I can't imagine 
> > > > a single reason for not wanting to do arp..
> > > 
> > > Security.  You want to be able to force a particular MAC address to
> > > match a particular IP address, so people can't come with a different
> > > computer and take over the IP address of a known computer.
> > 
> >   Yes, security. In my situation it stands for about 50 computers on 4 
> > ethernet subnets, some of them do have internet access while the others 
> > don't.
> 
> That does not seem like much of an obstacle to overcome, on most ethernet
> cards you can over-ride the MAC address of the card.  All you need to do
> is DOS the other machine into oblivion, change your MAC, ifconfig for his
> IP address, and do a broadcast ping to reset any switches that may be in
> the network.. (you are still hosed if you have a hub with security though)

    I know it, David. But being with it means being secured better. If it
takes almost no pain and is already implemented in FreeBSD appletalk arp
then why not implement it in ethernet arp? Moreover, if I run into the
-arp parameter in ifconfig(8) and then discover that it doesn't work - I
will certainly find it abnormal.
    And I think it's time to stop this discussion. It would be more
interesting to hear the final verdict on this stuff.

    bye, lx.
