From owner-freebsd-net Wed Dec 5 12:19:59 2001
Delivered-To: freebsd-net@freebsd.org
Received: from scaup.prod.itd.earthlink.net (scaup.mail.pas.earthlink.net [207.217.120.49]) by hub.freebsd.org (Postfix) with ESMTP id 435E037B41A; Wed, 5 Dec 2001 12:19:55 -0800 (PST)
Received: from dialup-209.244.107.135.dial1.sanjose1.level3.net ([209.244.107.135] helo=blossom.cjclark.org) by scaup.prod.itd.earthlink.net with esmtp (Exim 3.33 #1) id 16BiW5-0004yo-00; Wed, 05 Dec 2001 12:19:42 -0800
Received: (from cjc@localhost) by blossom.cjclark.org (8.11.6/8.11.3) id fB5KJTW04006; Wed, 5 Dec 2001 12:19:29 -0800 (PST) (envelope-from cjc)
Date: Wed, 5 Dec 2001 12:19:29 -0800
From: "Crist J . Clark"
To: "Louis A. Mamakos"
Cc: Ruslan Ermilov, Eugene Grosbein, net@FreeBSD.ORG, security@FreeBSD.ORG
Subject: Re: NOARP - gateway must answer and have frozen ARP table
Message-ID: <20011205121928.A3061@blossom.cjclark.org>
Reply-To: cjclark@alum.mit.edu
References: <20011205124430.A83642@svzserv.kemerovo.su> <20011205040316.H40864@blossom.cjclark.org> <20011205231735.A1361@grosbein.pp.ru> <20011205193859.B79705@sunbay.com> <200112051835.fB5IZqH95521@whizzo.transsys.com> <20011205204526.B89520@sunbay.com> <200112051852.fB5IqmH95809@whizzo.transsys.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.2.5i
In-Reply-To: <200112051852.fB5IqmH95809@whizzo.transsys.com>; from louie@TransSys.COM on Wed, Dec 05, 2001 at 01:52:48PM -0500
X-URL: http://people.freebsd.org/~cjc/
Sender: owner-freebsd-net@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

On Wed, Dec 05, 2001 at 01:52:48PM -0500, Louis A. Mamakos wrote:
> > On Wed, Dec 05, 2001 at 01:35:52PM -0500, Louis A. Mamakos wrote:
> > > Doesn't this behavior need to be on a per-interface basis? I'm wondering
> > > if a single sysctl is sufficient to get the desired effect.
> >
> > No, we want ARP table to stay intact no matter which interface
> > sends us an update.
>
> I thought the original desire was to have a network interface which
> would respond to ARP requests, but only use static IP->MAC address
> mappings installed in the ARP table. I would imagine there are
> circumstances where you'd like other network interfaces on a multi-homed
> host to continue to operate in the "normal" fashion.

I'm not sure I understand the reason for the static table on one end. If it is for security, you need to have static tables on _both_ machines or a man-in-the-middle attack is still possible. (And in any case, MAC addresses are trivial to spoof.)

--
Crist J. Clark | cjclark@alum.mit.edu | cjclark@jhu.edu
http://people.freebsd.org/~cjc/ | cjc@freebsd.org
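The point Crist makes above (a frozen ARP table on the gateway alone does not protect the peer's cache) modelled as an added example, not code from the thread or from FreeBSD; `Host`, `ArpReply` and the sample addresses are hypothetical, and the "alerts" list is the kind of change-detection check a monitor on either side would want.

```python
# Constructed model of a frozen (static) ARP table versus a normal learning
# cache, plus a simple detector that flags a known IP changing its MAC.
# All names and addresses are hypothetical; the 00:00:5e:00:53:xx MACs are
# documentation addresses, not real hosts.
from dataclasses import dataclass, field


@dataclass
class ArpReply:
    sender_ip: str
    sender_mac: str


@dataclass
class Host:
    name: str
    table: dict                 # ip -> mac
    frozen: bool = False        # like the proposed sysctl: never learn from replies
    alerts: list = field(default_factory=list)

    def receive(self, reply: ArpReply) -> None:
        known = self.table.get(reply.sender_ip)
        if known is not None and known != reply.sender_mac:
            # Detection hook: an address we already know claims a new MAC.
            self.alerts.append(f"{reply.sender_ip}: {known} -> {reply.sender_mac}")
        if self.frozen:
            return              # static table: the reply changes nothing
        self.table[reply.sender_ip] = reply.sender_mac

    def next_hop_mac(self, ip: str):
        return self.table.get(ip)


def run_scenario() -> dict:
    gw_ip, gw_mac = "10.0.0.1", "00:00:5e:00:53:01"
    pc_ip, pc_mac = "10.0.0.2", "00:00:5e:00:53:02"
    rogue_mac = "00:00:5e:00:53:ff"
    gateway = Host("gateway", {pc_ip: pc_mac}, frozen=True)   # static on one end only
    pc = Host("pc", {gw_ip: gw_mac})                          # normal cache on the other
    # Constructed sample traffic: a third station answers for both addresses.
    for host in (gateway, pc):
        host.receive(ArpReply(gw_ip, rogue_mac))
        host.receive(ArpReply(pc_ip, rogue_mac))
    return {
        "gateway_to_pc": gateway.next_hop_mac(pc_ip),   # still the real MAC
        "pc_to_gateway": pc.next_hop_mac(gw_ip),        # now the rogue MAC
        "gateway_alerts": gateway.alerts,
        "pc_alerts": pc.alerts,
    }
```

Only the frozen side keeps the correct mapping; the peer's cache is rewritten, which is why static entries (or a monitor that acts on the alerts) are needed on both machines.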