Date: Wed, 5 Dec 2001 12:19:29 -0800
From: "Crist J . Clark" <cristjc@earthlink.net>
To: "Louis A. Mamakos" <louie@TransSys.COM>
Cc: Ruslan Ermilov <ru@FreeBSD.ORG>, Eugene Grosbein <eugen@grosbein.pp.ru>, net@FreeBSD.ORG, security@FreeBSD.ORG
Subject: Re: NOARP - gateway must answer and have frozen ARP table
Message-ID: <20011205121928.A3061@blossom.cjclark.org>
In-Reply-To: <200112051852.fB5IqmH95809@whizzo.transsys.com>; from louie@TransSys.COM on Wed, Dec 05, 2001 at 01:52:48PM -0500
References: <20011205124430.A83642@svzserv.kemerovo.su> <20011205040316.H40864@blossom.cjclark.org> <20011205231735.A1361@grosbein.pp.ru> <20011205193859.B79705@sunbay.com> <200112051835.fB5IZqH95521@whizzo.transsys.com> <20011205204526.B89520@sunbay.com> <200112051852.fB5IqmH95809@whizzo.transsys.com>

On Wed, Dec 05, 2001 at 01:52:48PM -0500, Louis A. Mamakos wrote:
> > On Wed, Dec 05, 2001 at 01:35:52PM -0500, Louis A. Mamakos wrote:
> > > Doesn't this behavior need to be on a per-interface basis? I'm wondering
> > > if a single sysctl is sufficient to get the desired effect.
> > >
> > No, we want ARP table to stay intact no matter which interface
> > sends us an update.
>
> I thought the original desire was to have a network interface which
> would respond to ARP requests, but only use static IP->MAC address
> mappings installed in the ARP table. I would imagine there are
> circumstances where you'd like other network interfaces on a multi-homed
> host to continue to operate in the "normal" fashion.

I'm not sure I understand the reason for the static table on one
end. If it is for security, you need to have static tables on _both_
machines or a man-in-the-middle attack is still possible. (And in any
case, MAC addresses are trivial to spoof.)
--
Crist J. Clark | cjclark@alum.mit.edu
| cjclark@jhu.edu
http://people.freebsd.org/~cjc/ | cjc@freebsd.org
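The point made in the reply above, as an added example that is not part of the original message and is not FreeBSD code: a small model of two ARP caches that reports which traffic direction can still be redirected when only one end has a frozen table. The class, function names and the documentation-range addresses are constructed for illustration.

```python
from dataclasses import dataclass, field

# Constructed sample addresses (documentation ranges), not taken from the thread.
GW_IP, GW_MAC = "192.0.2.1", "00:00:5e:00:53:01"
HOST_IP, HOST_MAC = "192.0.2.10", "00:00:5e:00:53:10"
OTHER_MAC = "00:00:5e:00:53:ff"  # a third station on the same segment


@dataclass
class ArpCache:
    """Hypothetical minimal IP->MAC table with pinned and learned entries."""
    static: dict = field(default_factory=dict)   # frozen, never overwritten
    dynamic: dict = field(default_factory=dict)  # learned from ARP traffic

    def learn(self, ip, mac):
        """Apply an ARP update; return True if the cache accepted it."""
        if ip in self.static:
            return False  # frozen entry: the update is ignored
        self.dynamic[ip] = mac
        return True

    def lookup(self, ip):
        return self.static.get(ip, self.dynamic.get(ip))


def exposed_directions(gw_static, host_static):
    """Return the traffic directions whose next-hop MAC a third station changed."""
    gw = ArpCache(static={HOST_IP: HOST_MAC} if gw_static else {})
    host = ArpCache(static={GW_IP: GW_MAC} if host_static else {})
    # Normal resolution first, then unsolicited updates naming the third station.
    gw.learn(HOST_IP, HOST_MAC)
    host.learn(GW_IP, GW_MAC)
    gw.learn(HOST_IP, OTHER_MAC)
    host.learn(GW_IP, OTHER_MAC)
    exposed = []
    if gw.lookup(HOST_IP) != HOST_MAC:
        exposed.append("gateway->host")
    if host.lookup(GW_IP) != GW_MAC:
        exposed.append("host->gateway")
    return exposed


if __name__ == "__main__":
    for gw_s, host_s in [(False, False), (True, False), (True, True)]:
        print(f"gateway static={gw_s}, host static={host_s}:",
              exposed_directions(gw_s, host_s) or "nothing redirected")
```

The model covers only cache updates; it does not address the separate caveat in the reply that a station can send frames with another station's MAC address.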
