Date: Mon, 27 Apr 1998 19:18:39 +0300
From: Alexander Matey
To: "David E. Cross"
Cc: Eivind Eklund, Julian Elisher, freebsd-hackers@FreeBSD.ORG
Subject: Re: Static ARP (IFF_NOARP usage in ethernet interfaces)
Message-ID: <19980427191839.32584@hosix.ntu-kpi.kiev.ua>
References: <19980427150520.39431@hosix.ntu-kpi.kiev.ua>
Organization: Hostel #6, NTUU /KPI/

On Mon, Apr 27, 1998 at 10:41:45AM -0400, David E. Cross wrote:
> > > > I see no technical reason against this but
> > > > I'm curious why one would want to do this.. I can't imagine
> > > > a single reason for not wanting to do arp..
> > >
> > > Security. You want to be able to force a particular MAC address to
> > > match a particular IP address, so people can't come with a different
> > > computer and take over the IP address of a known computer.
> >
> > Yes, security. In my situation it stands for about 50 computers on 4
> > ethernet subnets, some of them do have internet access while the others
> > don't.
>
> That does not seem like much of an obstacle to overcome, on most ethernet
> cards you can over-ride the MAC address of the card. All you need to do
> is DOS the other machine into oblivion, change your MAC, ifconfig for his
> IP address, and do a broadcast ping to reset any switches that may be in
> the network.. (you are still hosed if you have a hub with security though)

I know it, David. But being with it means being secured better. If it
takes almost no pain and is already implemented in FreeBSD appletalk arp
then why not implement it in ethernet arp? Moreover, if I run into the
-arp parameter in ifconfig(8) and then discover that it doesn't work - I
will certainly find it abnormal.

And I think it's time to stop this discussion. It would be more interesting
to hear the final verdict on this stuff.

bye,
lx.
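An added example, not part of the original message or of FreeBSD: a Python check that compares `arp -an` style output against the IP-to-MAC bindings an administrator intends to pin, flagging entries that differ, are still dynamic, or share one MAC. The binding table, addresses and sample output are constructed, and as the quoted reply points out, a host that overrides its MAC to a listed value still passes this check.

```python
import re
from collections import defaultdict

# Hypothetical bindings the administrator wants enforced (constructed values).
EXPECTED = {
    "192.0.2.1": "02:00:00:00:00:01",
    "192.0.2.10": "02:00:00:00:00:10",
    "192.0.2.11": "02:00:00:00:00:11",
}

# Constructed sample in the style of FreeBSD `arp -an` output.
SAMPLE_ARP = """\
? (192.0.2.1) at 2:0:0:0:0:1 on ed0 permanent [ethernet]
? (192.0.2.10) at 02:00:00:00:00:10 on ed0 expires in 1180 seconds [ethernet]
? (192.0.2.11) at 02:00:00:00:00:99 on ed0 expires in 900 seconds [ethernet]
? (192.0.2.50) at 02:00:00:00:00:99 on ed0 expires in 300 seconds [ethernet]
? (192.0.2.60) at (incomplete) on ed0 [ethernet]
"""

LINE = re.compile(
    r"\((?P<ip>[\d.]+)\) at (?P<mac>[0-9A-Fa-f:]+) on (?P<ifc>\S+)(?P<rest>.*)")

def norm_mac(mac):
    """Pad each octet so '2:0:0:0:0:1' compares equal to '02:00:00:00:00:01'."""
    return ":".join(f"{int(octet, 16):02x}" for octet in mac.split(":"))

def audit(arp_output, expected):
    """Return (kind, ip, mac) findings for entries that break the bindings."""
    findings, by_mac = [], defaultdict(set)
    for line in arp_output.splitlines():
        m = LINE.search(line)
        if not m:
            continue  # '(incomplete)' and unparsable lines carry no MAC
        ip, mac = m["ip"], norm_mac(m["mac"])
        by_mac[mac].add(ip)
        want = expected.get(ip)
        if want is None:
            findings.append(("unlisted-host", ip, mac))
        elif mac != norm_mac(want):
            findings.append(("mac-mismatch", ip, mac))
        elif "permanent" not in m["rest"].split():
            findings.append(("not-static", ip, mac))  # right MAC, but replaceable
    for mac, ips in sorted(by_mac.items()):
        if len(ips) > 1:  # one card answering for several addresses
            findings.append(("shared-mac", ",".join(sorted(ips)), mac))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_ARP, EXPECTED):
        print(*finding)
```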