Date: Wed, 19 Aug 1998 22:47:25 +1000 (EST) From: Peter Hawkins <thepish@FreeBSD.ORG> To: Edwin Woudt <edwin-ml@woudt.nl> Cc: freebsd-security@FreeBSD.ORG, freebsd-bugs@FreeBSD.ORG Subject: Re: Gateway/firewall denial of service Message-ID: <Pine.BSF.3.96.980819223752.5598L-100000@dana.clari.net.au> In-Reply-To: <E0z8wbJ-0001Gf-00@cal007109.student.utwente.nl>
next in thread | previous in thread | raw e-mail | index | archive | help
In general, when duplicate IPs are assigned on a segment, the router will commence routing to the new MAC address after it is ARPed which is precisely what FreeBSD did for you. Locking an address doesn't really constitute a solution as the router cannot determine which of the two machines has the correct mac address - one could deny service permanently by booting first. Flipping the mac address is correct as the most common cause of a mac address change is quite innocuous - a machine has been shut down for an ethernet card swap and rebooted. Locking an address to a mac address would make it very difficult to change ethernet cards in machines. Basically, the behaviour you saw is correct. Peter Hilink Internet Peter Hawkins 381 Swan St Richmond, Vic, Australia Ph: +61-3-9421 2006 Fax: +61-3-9421 2007 http://www.hilink.com.au Peter@hilink.com.au FreeBSD Project: thepish@FreeBSD.org To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-bugs" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.3.96.980819223752.5598L-100000>