Date: Sun, 18 Sep 2005 12:14:01 -0400
From: Chuck Swiger <cswiger@mac.com>
To: Motonori Shindo <mshindo@mshindo.net>
Cc: freebsd-net@freebsd.org
Subject: Re: ARP behavior in FreeBSD vs Linux
Message-ID: <432D9249.9090202@mac.com>
In-Reply-To: <20050919.004531.92589257.mshindo@mshindo.net>
References: <20050919.004531.92589257.mshindo@mshindo.net>

Motonori Shindo wrote:
> On FreeBSD (and I guess most Operating Systems as well), ARP reply is
> sent back only when the target IP address in ARP request matches with
> one of the IP addresses assigned to the interface through which the
> ARP Request is received.

This is correct behavior. Normally, you should only be able to ARP an IP
address which is on an interface connected to that subnet.

> In contrast, on Linux (by default), it
> responds as long as the target IP address in ARP Request matches with
> any "local" IP address on the system, which is not necessarily an IP
> address assigned to the interface through which the ARP request is
> received.

This sounds like "proxy ARPing" is enabled by default on your particular
flavor of Linux. I don't think they all do that, hopefully, any more than
ipforwarding should be enabled by default just because a machine has two NICs.

> Is there any advantage/disadvantage in ARP implementation on FreeBSD
> over that of Linux? Thanks.

This information disclosure could potentially be a security problem, if Linux
is providing the MAC address of a NIC not connected to the subnet without
being explicitly configured to do so...although in practice very few people
actually implement layer-2 security measures.

-- 
-Chuck
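
Added example, not part of the original message: on Linux the reply policy described in the quoted question is selected per interface by the arp_ignore sysctl, and this shell function lists the interfaces that still answer ARP for any local address. The sample input is constructed, and the function name loose_arp_ifaces is hypothetical.

```shell
#!/bin/sh
# Added example (not from the thread): audit Linux arp_ignore settings.
# For an ARP request received on <iface> the kernel applies
# max(conf/all/arp_ignore, conf/<iface>/arp_ignore):
#   0 = reply for any local target address, on any interface (default)
#   1 = reply only if the target address is configured on the receiving
#       interface (the behaviour the thread describes for FreeBSD)

# Constructed sample in "sysctl -a" output format, not taken from a real host.
SAMPLE='net.ipv4.conf.all.arp_ignore = 0
net.ipv4.conf.default.arp_ignore = 0
net.ipv4.conf.eth0.arp_ignore = 1
net.ipv4.conf.eth1.arp_ignore = 0
net.ipv4.conf.lo.arp_ignore = 0'

# Reads sysctl lines on stdin and prints, one per line and sorted, every
# interface whose effective arp_ignore value is 0.
loose_arp_ifaces() {
    awk -F' *= *' '
        $1 ~ /^net\.ipv4\.conf\..*\.arp_ignore$/ {
            name = $1
            sub(/^net\.ipv4\.conf\./, "", name)
            sub(/\.arp_ignore$/, "", name)
            val[name] = $2 + 0
        }
        END {
            all = ("all" in val) ? val["all"] : 0
            for (i in val) {
                # "all" and "default" are templates, not interfaces;
                # loopback never receives ARP requests.
                if (i == "all" || i == "default" || i == "lo") continue
                eff = (val[i] > all) ? val[i] : all
                if (eff == 0) print i
            }
        }' | sort
}

# Demo on the constructed sample: only eth1 is reported, because eth0
# overrides the global 0 with its own value of 1.
printf '%s\n' "$SAMPLE" | loose_arp_ifaces
```

On a live host, feed it real values with `sysctl -a 2>/dev/null | loose_arp_ifaces`. Setting `net.ipv4.conf.all.arp_ignore=1` raises the effective value on every interface at once.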