> -----Original Message-----
> From: linux-net-owner@xxxxxxxxxxxxxxx
> [mailto:linux-net-owner@xxxxxxxxxxxxxxx]On Behalf Of Henrik Nordstrom
> Sent: Thursday, August 18, 2005 7:37 AM
> To: Harald Nordgård-Hansen
> Cc: linux-net@xxxxxxxxxxxxxxx
> Subject: Re: Arp-entry lifetime extension with ICMP?
>
>
> On Wed, 17 Aug 2005, Harald Nordgård-Hansen wrote:
>
> > I've run into what probably is a policy decision, but I cannot quite get the
> > reason: When sending TCP traffic to a machine, the first packet will cause
> > an arp request to be made. Later on, this arp entry gets its lifetime
> > extended by the TCP packets, so that it does not have to arp again until the
> > network becomes quiet.

Just my humble opinion here, but this behavior would seem to be a security
risk. A compromised host A could respond to ARP requests from host B for
host C's IP address just once and keep B's ARP table with the impersonated
entry intact just by maintaining TCP traffic between itself and B.

On the other hand, if B would re-arp for C's address periodically regardless
of the traffic between the hosts, the duplicate responses coming from both
C and A might eventually be noticed and dealt with.

Jeff Haran
Brocade Communications Systems

-
send the line "unsubscribe linux-net" in the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
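The "duplicate responses ... might eventually be noticed" point above is what a passive ARP monitor looks for: two different MAC addresses answering for the same IP address, or a reply whose Ethernet source does not match its ARP sender field. The following is an added example, not code from the thread or from the Linux kernel; it parses raw Ethernet/ARP frames and records which MAC has claimed each IP, raising an alert when a second MAC claims it. The host addresses, MACs and frame sequence (B asks for C, C answers, then the compromised A answers for C's address) are constructed for the example, and the monitor would normally be fed from a packet capture rather than the inline list used here.

```python
"""Passive detection of conflicting ARP replies on a constructed frame stream (added example)."""
import struct
from collections import defaultdict

ETH_P_ARP = 0x0806
ARP_REQUEST, ARP_REPLY = 1, 2


def mac_bytes(s):
    return bytes(int(x, 16) for x in s.split(":"))


def mac_str(b):
    return ":".join(f"{x:02x}" for x in b)


def ip_bytes(s):
    return bytes(int(x) for x in s.split("."))


def ip_str(b):
    return ".".join(str(x) for x in b)


def build_arp_frame(oper, sha, spa, tha, tpa, eth_src=None):
    """Build an Ethernet + IPv4-over-Ethernet ARP frame (constructed input, not captured traffic)."""
    eth_src = eth_src or sha
    eth_dst = tha if oper == ARP_REPLY else "ff:ff:ff:ff:ff:ff"
    eth = struct.pack("!6s6sH", mac_bytes(eth_dst), mac_bytes(eth_src), ETH_P_ARP)
    arp = struct.pack("!HHBBH6s4s6s4s", 1, 0x0800, 6, 4, oper,
                      mac_bytes(sha), ip_bytes(spa), mac_bytes(tha), ip_bytes(tpa))
    return eth + arp


def parse_arp_frame(frame):
    """Return the ARP fields of a frame, or None if it is not IPv4-over-Ethernet ARP."""
    if len(frame) < 42:
        return None
    eth_dst, eth_src, ethertype = struct.unpack("!6s6sH", frame[:14])
    if ethertype != ETH_P_ARP:
        return None
    htype, ptype, hlen, plen, oper, sha, spa, tha, tpa = struct.unpack("!HHBBH6s4s6s4s", frame[14:42])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return None
    return {"oper": oper, "eth_src": mac_str(eth_src), "sha": mac_str(sha),
            "spa": ip_str(spa), "tha": mac_str(tha), "tpa": ip_str(tpa)}


class ArpConflictDetector:
    """Records which MAC answered for each IP; alerts when a different MAC answers for the same IP."""

    def __init__(self):
        self.claims = defaultdict(set)   # ip -> set of MACs seen claiming it in replies
        self.alerts = []

    def observe(self, frame):
        arp = parse_arp_frame(frame)
        if arp is None or arp["oper"] != ARP_REPLY:
            return None              # requests and non-ARP frames carry no claim
        alert = None
        others = self.claims[arp["spa"]] - {arp["sha"]}
        if arp["eth_src"] != arp["sha"]:
            # Frame source and ARP sender disagree: a common sign of a crafted reply
            alert = (f"reply for {arp['spa']}: Ethernet source {arp['eth_src']} "
                     f"differs from ARP sender {arp['sha']}")
        elif others:
            alert = (f"conflict for {arp['spa']}: {arp['sha']} answered, "
                     f"previously {', '.join(sorted(others))}")
        self.claims[arp["spa"]].add(arp["sha"])
        if alert:
            self.alerts.append(alert)
        return alert


def run_sample():
    """Constructed scenario: B asks for C, C answers, C answers again on re-ARP, then A answers for C."""
    b_mac, b_ip = "02:00:00:00:00:0b", "10.0.0.2"
    c_mac, c_ip = "02:00:00:00:00:0c", "10.0.0.3"
    a_mac = "02:00:00:00:00:0a"           # compromised host A impersonating C
    frames = [
        build_arp_frame(ARP_REQUEST, b_mac, b_ip, "00:00:00:00:00:00", c_ip),
        build_arp_frame(ARP_REPLY, c_mac, c_ip, b_mac, b_ip),   # genuine reply from C
        build_arp_frame(ARP_REPLY, c_mac, c_ip, b_mac, b_ip),   # same answer on periodic re-ARP: no alert
        build_arp_frame(ARP_REPLY, a_mac, c_ip, b_mac, b_ip),   # A claims C's address: alert
    ]
    det = ArpConflictDetector()
    for f in frames:
        det.observe(f)
    return det.alerts


if __name__ == "__main__":
    for line in run_sample():
        print(line)
```

The detector only ever sees a conflict if the legitimate host gets a chance to answer as well, which is exactly the argument made above: a cache entry that is refreshed by traffic alone never triggers a second request, so the monitor has nothing to compare against.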