Chris Friesen wrote: > Vlad Yasevich wrote: > >> If by arp spoofing you mean receiving arp replies from multiple >> sources and >> trusting all of them, then I haven't seen anything. >> >> I don't know the history as to why nothing has has been done. > > This concept is a valuable tool to allow for fast publishing of IP > address takeover in redundant-server situations. > > There are ways in which it can be misused, but that doesn't make it an > invalid technique. >
Yes, but when some bozo on the network misconfigures his system and steals the IP of the default router, all hell breaks lose. BSD is nice enough to tell you that a duplicate ARP response has been received and gives you nobs to be able to turn this on and off. BTW, the same issue came in IPv6, where a malicious user can cause all sorts of nasty things on the network and the solution for that was SEND (RFC 3971). So at least the same problem can be solved in IPv6. -vlad - To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html
