> "Christopher E. Brown" wrote:
> >
> > On Wed, 29 Sep 1999, Rogier Wolff wrote:
> > > On the other hand, someone should still take the time to modify
> > > "ifconfig" to send out one or two ARPs for our OWN IP address, and if
> > > they get answered, it should not allow the ifconfig to complete
> > > (without the operator specifing something like --force).
> >
> > Talk about a DOE (Denial of Existance) attack. Some verbose
> > screen and system messages would be in order though.
> >
> > Anyone could send out evil arp replies, and breaking the startup
> > scripts on a host because of this is a very bad thing. Interfaces
> > don't come up, then causes applications to fail, etc...
>
> You are the second person with this opinion! Will someone please tell me
> how well IP works if someone else is answering ARP requests for your IP
> address? Sure, the user's machine will boot. They'll get no message. But
> nothing will work reliably - it all works "some of the time". The fact
> is that this DOS attack already exists: it is an inherent weakness in
> the ARP protocol (and there are other inherent weaknesses just like this
> scattered throughout the TCP protocols). The DOS attack actually doesn't
> bother me much, it's the man-in-the-middle possibilities that boggle the
> mind with ARP ... after all, if I'm willing to pretend I'm you, maybe I
> just want to record packets intended for you before fixing them up and
> sending them to you ... with my special data embedded, of course. How
> hard it would be to patch ftp packets containing kernel tarballs :-(
>
> Are you saying that flaky behaviour is preferable to having a boot-time
> message that indicates that some other site is using your IP and you
> should fix it? Or am I missing something and the interface will work in
> spite of the other person who is using your IP?
No, a boot time warning is a good thing. The original
suggestion was an ifconfig that *would not* configure the interface if
there was an IP conflict. This is stupid/broken. Should a moron, or
other take the IP of a box during a reboot problems happen. Not just
the conflict, but if the interface on the machine that had its IP
stolen does not come up this can seriously screw the machines startup.
Screaming its head off would be a good thing, screaming *and*
not configuring the interface (as originally suggested) would be
broken.
---
As folks might have suspected, not much survives except roaches,
and they don't carry large enough packets fast enough...
--About the Internet and nuclear war.
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu
Please read the FAQ at http://www.tux.org/lkml/