On Sat, 20 Jul 2002 10:41:02 +0900, Jun-ichiro itojun Hagino <itojun@iijlab.net> said: > I looked through RFC826 and it seems that the operation performed by > Lars was a Bad Thing. RFC826 input processing explicitly suggests us > to update ARP cache entry without checking arp operation type. > > therefore, it is unsafe to transmit ARP_REQUEST with spoofed IP > source address - it will overwrite ARP entries of neighbors. This is, of course, a major security hole...
Attachment:
pgp00087.pgp
Description: PGP signature