Re: [lwip-users] arp question

From: Kieran Mansley
Subject: Re: [lwip-users] arp question
Date: Mon, 14 Feb 2005 13:30:35 +0000

On Thu, 2005-02-10 at 15:58 -0800, Jim Gibbons wrote:

> Who's right here?  Is it legitimate to glean ethernet source addresses
> from incoming IP packets, or should one rely exclusively on the
> information presented in ARP replies?  

In a trusted environment, it's probably OK, but priority should be given
to ARP entries that have been "actively" (as opposed to this passive
method) set up.

There is, in an untrusted environment, an obvious DoS attack where you
can persuade a host that gleans ARP data in this way to send packets to
the wrong host, or just cause it to thrash its ARP cache leading to poor
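
A sketch of the cache policy suggested in this reply, added here as an example; it is not code from the thread or from lwIP. Entries remember how they were learned, a gleaned address never overrides or evicts an actively resolved one, and all names (`arp_update`, `arp_find`, `ARP_GLEANED`, `ARP_ACTIVE`) are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define ARP_SLOTS 4   /* small on purpose so eviction is easy to observe */
/* How a mapping was learned; a higher value is more trusted. */
enum arp_src { ARP_EMPTY, ARP_GLEANED, ARP_ACTIVE };
struct arp_entry {
    uint32_t ip;
    uint8_t mac[6];
    enum arp_src src;
    uint32_t age;     /* write counter at last update, for oldest-first eviction */
};
static struct arp_entry table[ARP_SLOTS];
static uint32_t tick;

/* Returns the entry for ip, or NULL if it is not cached. */
struct arp_entry *arp_find(uint32_t ip)
{
    for (int i = 0; i < ARP_SLOTS; i++)
        if (table[i].src != ARP_EMPTY && table[i].ip == ip)
            return &table[i];
    return NULL;
}

/* Returns 1 if the cache was written, 0 if the update was refused. */
int arp_update(uint32_t ip, const uint8_t mac[6], enum arp_src src)
{
    struct arp_entry *hit = arp_find(ip), *slot = hit;
    if (src == ARP_EMPTY || (hit && hit->src == ARP_ACTIVE && src == ARP_GLEANED))
        return 0;     /* passive data never overrides an active entry */
    /* No entry yet: choose a victim, least trusted first, then oldest.
     * Gleaned updates may not evict active entries, which bounds thrashing. */
    for (int i = 0; !hit && i < ARP_SLOTS; i++) {
        struct arp_entry *e = &table[i];
        if (src == ARP_GLEANED && e->src == ARP_ACTIVE)
            continue;
        if (!slot || e->src < slot->src ||
            (e->src == slot->src && e->age < slot->age))
            slot = e;
    }
    if (!slot)
        return 0;     /* every slot is active and the update is only gleaned */
    slot->ip = ip;
    memcpy(slot->mac, mac, 6);
    slot->src = src;
    slot->age = ++tick;
    return 1;
}
```

With this policy a flood of gleaned addresses can only churn the slots that are not actively resolved, and it cannot redirect traffic for a peer that has answered an ARP request.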


