Skip site navigation (1)Skip section navigation (2)
Date:      Wed, 08 Feb 2012 14:05:38 -0800
From:      Chuck Swiger <cswiger@mac.com>
To:        =?utf-8?B?0JrQvtC90YzQutC+0LIg0JXQstCz0LXQvdC40Lk=?= <kes-kes@yandex.ru>
Cc:        freebsd-net@freebsd.org
Subject:   Re: security issue!!
Message-ID:  <2BF9EFDB-C52E-4842-9754-66357AD3EBA5@mac.com>
In-Reply-To: <15210117711.20120208235307@yandex.ru>
References:  <15210117711.20120208235307@yandex.ru>

next in thread | previous in thread | raw e-mail | index | archive | help
On Feb 8, 2012, at 1:53 PM, =EB=CF=CE=D8=CB=CF=D7 =E5=D7=C7=C5=CE=C9=CA =
wrote:
> some host on LAN can send packets to MAC address of FreeBSD server
>=20
> and server accept packets even if frame is not in its subnet and pass =
them further %-)
>=20
> details here
> http://www.freebsd.org/cgi/query-pr.cgi?pr=3D164914

Um, what were you expecting to have happen?

It's not that unusual for someone to setup a bridge or VPN/proxy-arp =
configuration where an interface doesn't have an IP, but still receives =
and forwards (or otherwise processes) the traffic which it sees, because =
the traffic is addressed to the MAC address of that interface....

Regards,
--=20
-Chuck




Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?2BF9EFDB-C52E-4842-9754-66357AD3EBA5>