From owner-freebsd-questions Fri Nov 12 7:35:11 1999 Delivered-To: freebsd-questions@freebsd.org Received: from earth.wnm.net (earth.wnm.net [208.246.240.243]) by hub.freebsd.org (Postfix) with ESMTP id 167CD14ED0 for ; Fri, 12 Nov 1999 07:35:08 -0800 (PST) (envelope-from alex@wnm.net) Received: from localhost (alex@localhost) by earth.wnm.net (8.8.8/8.8.8) with ESMTP id JAA21729; Fri, 12 Nov 1999 09:35:04 -0600 (CST) Date: Fri, 12 Nov 1999 09:35:03 -0600 (CST) From: Alex Charalabidis To: Don Read Cc: os2_daemon@altavista.net, freebsd-questions@FreeBSD.ORG Subject: RE: FreeBSD security on TCP/IP question. In-Reply-To: Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-questions@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG On Fri, 12 Nov 1999, Don Read wrote: > > It all started when curiously, I tried to put 172.16.1.1 which is an NT > > server into ifconfig. Ifconfig said some error messages that the IP address > > have been taken by another machine. Who cares ... > > > just the rest of the 172.16 network. > > > Next day, the sysadmin came to me and accusing me for trying to hijack the > > system. He told me that apparently I crashed his NT by doing so. This brought > > me a very big question. Was he just bluffing, or the NT seriously cannot > > defend against this ? > > I've never seen NT fall-over from this; it's lame, but not that fscking lame. > usually it stopps accepting or sending packets for various intervals and give a > whinging dialog. > Never seen it kill an NT machine but, from my observations, most of the time NT will graciously give up an IP address to the hijacker and complain very little. You should just see it go offline mysteriously. Of course it may need rebooting in order to recover the address... > > I also wonder what will happen to a FreeBSD box if some other computer claim > > the same IP address. > > pretty much the same, stop accepting or transmitting packets, and complain > loudly. When someone on my network did the same with a FreeBSD box, I had two FreeBSD machines fighting to their bloody death over the IP address (oddly enough, the 2.1.5 hijacker was winning over the 4.0 victim most of the time). Morale: DON'T DO IT. -ac -- ============================================================== Alex Charalabidis (AC8139) 5050 Poplar Ave, Ste 170 Systems Administrator Memphis, TN 38157 WebNet Memphis (901) 432 6000 ============================================================== To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message