Re: ARPOP_REQUEST with spoofed IP address (joe, turn it off!)

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 





Jun-ichiro itojun Hagino wrote:
> 	I looked through RFC826 and it seems that the operation performed by
> 	Lars was a Bad Thing.  RFC826 input processing explicitly suggests us
> 	to update ARP cache entry without checking arp operation type.
> 
> 	therefore, it is unsafe to transmit ARP_REQUEST with spoofed IP
> 	source address - it will overwrite ARP entries of neighbors.

Agreed- this was known at 9:30am, and fixed very shortly thereafter. It 
is not related to this thread.

The incomplete ARP packets that were posted to this thread had no effect 
on the router (we asked); there is no information yet on which machine 
was causing them.

The connectivity problems experienced esp. Monday around 1pm were 
wireless related. The NOC had been rebooting some of the access points 
while reconfiguring them (about 10 times in 30 minutes). Other problems 
included users running ad-hoc access points, and general congestion of 
the access points.

When the problems occurred, we checked with the NOC, rather than 
continue this thread. We invite others to do the same in the future.

Joe




[Index of Archives]     [IETF Annoucements]     [IETF]     [IP Storage]     [Yosemite News]     [Linux SCTP]     [Linux Newbies]     [Fedora Users]