Message-Id: <199904192059.OAA27640@harmony.village.org>
To: Rodrigo Campos
Subject: Re: poink attack (was Re: ARP problem in Windows9X/NT)
Cc: Nicole Harrington, security@FreeBSD.ORG, Liam Slusser
In-reply-to: Your message of "Mon, 19 Apr 1999 16:51:57 -0300."
Date: Mon, 19 Apr 1999 14:59:53 -0600
From: Warner Losh

In message Rodrigo Campos writes:
: I've tested the exploit against MacOS 8.5.1 and Solaris 7/i386, they both
: are vulnerable. The Solaris box just couldn't access anything outside its
: own network after that.

Define vulnerable.  ARP has no security in it whatsoever[*], so there
is *NO* way to effectively defend against this attack w/o keeping a
database of NIC addresses in sync with IP addresses.  ARP does this
dynamically so you can swap out ethernet cards and the like w/o major
headache.

To work around this attack is fairly simple: Just add arp entries by
hand (they will be permanent) when you boot your clients.

Warner

[*] Apart from the implicit trust of all machines on a physical wire.
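
The workaround described in the message above, as an added example that is not part of the original post: a pinned IP-to-MAC table is turned into `arp -s` commands for boot time, and the same table is used to flag cache entries that disagree with it. The function names, addresses and the `arp -an`-style sample text are constructed assumptions.

```shell
#!/bin/sh
# Added example: pin IP-to-MAC pairs and audit the ARP cache against them.
# All addresses below are constructed sample data, not from the original post.
PINNED='192.0.2.1 00:a0:c9:12:34:56
192.0.2.10 08:00:20:0a:0b:0c'
# Constructed text in the style of `arp -an` output (BSD drops leading zeros).
SAMPLE_ARP='? (192.0.2.1) at 0:a0:c9:12:34:56 on fxp0 [ethernet]
? (192.0.2.10) at 0:10:4b:de:ad:1 on fxp0 [ethernet]
? (192.0.2.20) at 0:60:8:aa:bb:cc on fxp0 [ethernet]'

# norm_mac: lowercase and zero-pad each octet; fail on anything that is not a MAC.
norm_mac() {
    printf '%s\n' "$1" | awk -F: 'NF == 6 {
        out = ""
        for (i = 1; i <= 6; i++) {
            o = tolower($i)
            if (o !~ /^[0-9a-f][0-9a-f]?$/) exit 1
            if (length(o) == 1) o = "0" o
            out = (i == 1) ? o : out ":" o
        }
        print out; ok = 1
    } END { exit (ok ? 0 : 1) }'
}

# static_arp_cmds: print one `arp -s` command per valid pinned entry in $1.
static_arp_cmds() {
    printf '%s\n' "$1" | while read -r ip mac; do
        [ -n "$ip" ] || continue
        m=$(norm_mac "$mac") || { echo "bad MAC for $ip: $mac" >&2; continue; }
        echo "arp -s $ip $m"
    done
}

# arp_mismatches: compare `arp -an`-style text ($2) with the pinned table ($1)
# and print every pinned IP whose cached MAC differs.
arp_mismatches() {
    printf '%s\n' "$2" | while read -r q ipf at mac rest; do
        ip=$(printf '%s' "$ipf" | tr -d '()')
        seen=$(norm_mac "$mac") || continue     # e.g. "(incomplete)" entries
        want=$(printf '%s\n' "$1" | awk -v ip="$ip" '$1 == ip { print $2 }')
        [ -n "$want" ] || continue              # IP is not in the pinned table
        want=$(norm_mac "$want") || continue
        [ "$want" = "$seen" ] || echo "$ip pinned=$want seen=$seen"
    done
}

static_arp_cmds "$PINNED"                 # review, then run at boot as root
arp_mismatches "$PINNED" "$SAMPLE_ARP"    # on a live host: "$(arp -an)"
```

The audit is most useful on machines that have not been given static entries yet, since a host with permanent entries will not replace them from ARP replies.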