On Wed, Dec 05, 2001 at 01:52:48PM -0500, Louis A. Mamakos wrote:
> > On Wed, Dec 05, 2001 at 01:35:52PM -0500, Louis A. Mamakos wrote:
> > > Doesn't this behavior need to be on a per-interface basis? I'm wondering
> > > if a single sysctl is sufficient to get the desired effect.
> > >
> > No, we want ARP table to stay intact no matter which interface
> > sends us an update.
>
> I thought the original desire was to have a network interface which
> would respond to ARP requests, but only use static IP->MAC address
> mappings installed in the ARP table. I would imagine there are
> circumstances where you'd like other network interfaces on a multi-homed
> host to continue to operate in the "normal" fashion.

I'm not sure I understand the reason for the static table on one end. If it is for security, you need to have static tables on _both_ machines or a man-in-the-middle attack is still possible. (And in any case, MAC addresses are trivial to spoof.)

--
Crist J. Clark                   | [EMAIL PROTECTED]
                                 | [EMAIL PROTECTED]
http://people.freebsd.org/~cjc/  | [EMAIL PROTECTED]