Date: Mon, 27 Apr 1998 10:41:45 -0400 (EDT)
From: "David E. Cross" <dec@phoenix.its.rpi.edu>
To: Alexander Matey <lx@hosix.ntu-kpi.kiev.ua>
Cc: Eivind Eklund <eivind@yes.no>, Julian Elisher <julian@whistle.com>, freebsd-hackers@FreeBSD.ORG
Subject: Re: Static ARP (IFF_NOARP usage in ethernet interfaces)
Message-ID: <Pine.BSF.3.96.980427103932.27742A-100000@phoenix.its.rpi.edu>
In-Reply-To: <19980427150520.39431@hosix.ntu-kpi.kiev.ua>
On Mon, 27 Apr 1998, Alexander Matey wrote:

> On Sun, Apr 26, 1998 at 11:56:10PM +0200, Eivind Eklund wrote:
> > > I see no technical reason against this but
> > > I'm curious why one would want to do this.. I can't imagine
> > > a single reason for not wanting to do arp..
> >
> > Security. You want to be able to force a particular MAC address to
> > match a particular IP address, so people can't come with a different
> > computer and take over the IP address of a known computer.
>
> Yes, security. In my situation it stands for about 50 computers on 4
> ethernet subnets, some of them do have internet access while the others
> don't.
>

That does not seem like much of an obstacle to overcome, on most ethernet
cards you can override the MAC address of the card. All you need to do is
DoS the other machine into oblivion, change your MAC, ifconfig for his IP
address, and do a broadcast ping to reset any switches that may be in the
network.. (you are still hosed if you have a hub with security though)

--
David Cross

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-hackers" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.3.96.980427103932.27742A-100000>