From owner-freebsd-net@FreeBSD.ORG  Wed Feb  8 22:06:02 2012
Return-Path: <owner-freebsd-net@FreeBSD.ORG>
Delivered-To: freebsd-net@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id 74A5B1065674
	for <freebsd-net@freebsd.org>; Wed,  8 Feb 2012 22:06:02 +0000 (UTC)
	(envelope-from cswiger@mac.com)
Received: from asmtpout030.mac.com (asmtpout030.mac.com [17.148.16.105])
	by mx1.freebsd.org (Postfix) with ESMTP id 5B4F68FC1F
	for <freebsd-net@freebsd.org>; Wed,  8 Feb 2012 22:06:02 +0000 (UTC)
MIME-version: 1.0
Content-type: text/plain; charset=koi8-r
Received: from cswiger1.apple.com (unknown [17.209.4.71])
	by asmtp030.mac.com (Oracle Communications Messaging Server 7u4-23.01
	(7.0.4.23.0) 64bit (built Aug 10 2011))
	with ESMTPSA id <0LZ300MU8HDEVD80@asmtp030.mac.com> for
	freebsd-net@freebsd.org; Wed, 08 Feb 2012 14:05:39 -0800 (PST)
X-Proofpoint-Virus-Version: vendor=fsecure
	engine=2.50.10432:5.6.7361,1.0.260,0.0.0000
	definitions=2012-02-08_08:2012-02-08, 2012-02-08,
	1970-01-01 signatures=0
X-Proofpoint-Spam-Details: rule=notspam policy=default score=0 spamscore=0
	ipscore=0 suspectscore=0 phishscore=0 bulkscore=0 adultscore=0
	classifier=spam
	adjust=0 reason=mlx scancount=1 engine=6.0.2-1012030000
	definitions=main-1202080239
From: Chuck Swiger <cswiger@mac.com>
X-Priority: 3 (Normal)
In-reply-to: <15210117711.20120208235307@yandex.ru>
Date: Wed, 08 Feb 2012 14:05:38 -0800
Content-transfer-encoding: quoted-printable
Message-id: <2BF9EFDB-C52E-4842-9754-66357AD3EBA5@mac.com>
References: <15210117711.20120208235307@yandex.ru>
To: =?utf-8?B?0JrQvtC90YzQutC+0LIg0JXQstCz0LXQvdC40Lk=?= <kes-kes@yandex.ru>
X-Mailer: Apple Mail (2.1084)
Cc: freebsd-net@freebsd.org
Subject: Re: security issue!!
X-BeenThere: freebsd-net@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: Networking and TCP/IP with FreeBSD <freebsd-net.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-net>,
	<mailto:freebsd-net-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-net>
List-Post: <mailto:freebsd-net@freebsd.org>
List-Help: <mailto:freebsd-net-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-net>,
	<mailto:freebsd-net-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Wed, 08 Feb 2012 22:06:02 -0000

On Feb 8, 2012, at 1:53 PM, =EB=CF=CE=D8=CB=CF=D7 =E5=D7=C7=C5=CE=C9=CA =
wrote:
> some host on LAN can send packets to MAC address of FreeBSD server
>=20
> and server accept packets even if frame is not in its subnet and pass =
them further %-)
>=20
> details here
> http://www.freebsd.org/cgi/query-pr.cgi?pr=3D164914

Um, what were you expecting to have happen?

It's not that unusual for someone to setup a bridge or VPN/proxy-arp =
configuration where an interface doesn't have an IP, but still receives =
and forwards (or otherwise processes) the traffic which it sees, because =
the traffic is addressed to the MAC address of that interface....

Regards,
--=20
-Chuck