From owner-freebsd-security Mon Apr 19 13:57:50 1999 Delivered-To: freebsd-security@freebsd.org Received: from rover.village.org (rover.village.org [204.144.255.49]) by hub.freebsd.org (Postfix) with ESMTP id 106F81551A for ; Mon, 19 Apr 1999 13:57:43 -0700 (PDT) (envelope-from imp@harmony.village.org) Received: from harmony.village.org (harmony.village.org [10.0.0.6]) by rover.village.org (8.9.3/8.9.3) with ESMTP id OAA59776; Mon, 19 Apr 1999 14:54:59 -0600 (MDT) (envelope-from imp@harmony.village.org) Received: from harmony.village.org (localhost.village.org [127.0.0.1]) by harmony.village.org (8.9.3/8.8.3) with ESMTP id OAA27522; Mon, 19 Apr 1999 14:54:56 -0600 (MDT) Message-Id: <199904192054.OAA27522@harmony.village.org> To: Rajit Manohar Subject: Re: poink and freebsd Cc: security@FreeBSD.ORG In-reply-to: Your message of "Mon, 19 Apr 1999 14:54:18 EDT." <199904191854.OAA02778@mozart.csl.cornell.edu> References: <199904191854.OAA02778@mozart.csl.cornell.edu> Date: Mon, 19 Apr 1999 14:54:56 -0600 From: Warner Losh Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org In message <199904191854.OAA02778@mozart.csl.cornell.edu> Rajit Manohar writes: : about a minute, everything returned to normal (AFAIK). I'd guess that : a repeated-poink, or a poink of an nfs server would be a more serious : problem. Sounds like your typical "Let's claim to be someone else and confuse everybody" DOS that has been well know since at least the late 80's, if not before. arp has no authentication in it, so short of hard wiring the arp cache on all your machines, I don't think there is much that can be done about this. Even detecting that it is going on and keeping the right address is going to be hard in the face of a more demented attack from cards that allow one to set one's own NIC address. Warner To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message