From: "Edwin Woudt"
To: Edwin Woudt, Peter Hawkins
CC: freebsd-security@FreeBSD.ORG, freebsd-bugs@FreeBSD.ORG
Date: Wed, 19 Aug 1998 15:42:47 +0100
Subject: Re: Gateway/firewall denial of service
Reply-to: edwin@woudt.nl

> In general, when duplicate IPs are assigned on a segment, the router
> will commence routing to the new MAC address after it is ARPed which
> is precisely what FreeBSD did for you. Locking an address doesn't really
> constitute a solution as the router cannot determine which of the two
> machines has the correct mac address - one could deny service permanently
> by booting first. Flipping the mac address is correct as the most common
> cause of a mac address change is quite innocuous - a machine has been
> shut down for an ethernet card swap and rebooted. Locking an address to
> a mac address would make it very difficult to change ethernet cards in
> machines.

Those duplicate IPs are not on the same segment. My local computer is on my local segment (192.168.0.0/16). This segment is connected to network card 'ep1'.
The problem is that it accepts new MAC addresses for this segment on the other interface: 'ep0'. Though it changes the MAC address, it doesn't change the interface in the routing table. So after this happens it tries to contact my local machine via ep1, but the MAC address in its routing table is from a network card on ep0 (the campus network).

Edwin Woudt
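
Added example, not part of the original message and not FreeBSD's code: a small C model of the ARP handling described above, with the unchecked update next to one possible check (an assumption, not the project's fix) that ignores ARP for an address outside the receiving interface's subnet. The ep0 prefix, the host address 192.168.1.2 and the MAC addresses are constructed sample values.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed model: ep1 = 192.168.0.0/16 (from the post); the ep0 prefix
   198.51.100.0/24 is a placeholder for the campus network. */
struct iface { const char *name; uint32_t net, mask; };
static const struct iface ifaces[] = {
    { "ep0", 0xC6336400u, 0xFFFFFF00u },
    { "ep1", 0xC0A80000u, 0xFFFF0000u },
};
struct arp_entry { uint32_t ip; uint8_t mac[6]; int ifidx; };
struct arp_pkt   { uint32_t sip; uint8_t mac[6]; int rx_if; };

/* Index of the interface whose subnet contains ip, or -1 if none. */
static int iface_for(uint32_t ip) {
    for (int i = 0; i < 2; i++)
        if ((ip & ifaces[i].mask) == ifaces[i].net) return i;
    return -1;
}

/* Behaviour described in the post: the MAC is overwritten whatever interface
   the ARP packet arrived on, while the entry keeps pointing at ep1. */
static int update_unchecked(struct arp_entry *e, const struct arp_pkt *p) {
    if (e->ip != p->sip) return 0;
    memcpy(e->mac, p->mac, 6);
    return 1;
}

/* Checked variant: drop ARP whose sender address is not on the subnet of
   the interface it was received on. */
static int update_checked(struct arp_entry *e, const struct arp_pkt *p) {
    if (iface_for(p->sip) != p->rx_if) return 0;
    return update_unchecked(e, p);
}

/* 1 if the entry for 192.168.1.2 on ep1 keeps its MAC after an ARP packet
   claiming that address arrives on ep0; MACs here are constructed. */
int local_mac_survives(int use_check) {
    struct arp_entry e = { 0xC0A80102u, { 2, 0, 0, 0, 0, 0x01 }, 1 };
    struct arp_pkt   p = { 0xC0A80102u, { 2, 0, 0, 0, 0, 0x99 }, 0 };
    if (use_check) update_checked(&e, &p); else update_unchecked(&e, &p);
    return e.mac[5] == 0x01;  /* last octet unchanged means entry intact */
}

int main(void) {
    printf("unchecked keeps MAC: %d, checked keeps MAC: %d\n",
           local_mac_survives(0), local_mac_survives(1));
    return 0;
}
```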