Date: Mon, 19 Apr 1999 23:14:50 +0200 From: Poul-Henning Kamp <phk@critter.freebsd.dk> To: Warner Losh <imp@harmony.village.org> Cc: Rajit Manohar <rajit@csl.cornell.edu>, security@FreeBSD.ORG Subject: Re: poink and freebsd Message-ID: <20356.924556490@critter.freebsd.dk> In-Reply-To: Your message of "Mon, 19 Apr 1999 14:54:56 MDT." <199904192054.OAA27522@harmony.village.org>
next in thread | previous in thread | raw e-mail | index | archive | help
In message <199904192054.OAA27522@harmony.village.org>, Warner Losh writes: >In message <199904191854.OAA02778@mozart.csl.cornell.edu> Rajit Manohar writes: >: about a minute, everything returned to normal (AFAIK). I'd guess that >: a repeated-poink, or a poink of an nfs server would be a more serious >: problem. > >Sounds like your typical "Let's claim to be someone else and confuse >everybody" DOS that has been well know since at least the late 80's, >if not before. arp has no authentication in it, so short of hard >wiring the arp cache on all your machines, I don't think there is much >that can be done about this. Actually there is. Instead of bailing in this case, send the originator an arp packet and ask if they're serious. If the don't answer ignore the entire event. -- Poul-Henning Kamp FreeBSD coreteam member phk@FreeBSD.ORG "Real hackers run -current on their laptop." FreeBSD -- It will take a long time before progress goes too far! To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20356.924556490>