Re: [lwip-users] arp question
From: Kieran Mansley
Subject: Re: [lwip-users] arp question
Date: Mon, 14 Feb 2005 13:30:35 +0000
On Thu, 2005-02-10 at 15:58 -0800, Jim Gibbons wrote:
> Who's right here? Is it legitimate to glean ethernet source addresses
> from incoming IP packets, or should one rely exclusively on the
> information presented in ARP replies?

In a trusted environment, it's probably OK, but priority should be given
to ARP entries that have been "actively" (as opposed to this passive
method) set up.

There is, in an untrusted environment, an obvious DoS attack where you
can persuade a host that gleans ARP data in this way to send packets to
the wrong host, or just cause it to thrash its ARP cache leading to poor
performance.
Kieran
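
The priority rule suggested in this message, written out as an added sketch; it is not part of the original e-mail and is not lwIP's code. Every name here (`arp_update`, `arp_lookup`, `arp_origin`, `ARP_SLOTS`) and the four-slot table are assumptions for illustration: a gleaned mapping may fill a free slot or replace another gleaned mapping, but it can neither overwrite nor evict an entry learned from an ARP exchange.

```c
#include <stdint.h>
#include <string.h>
#define ARP_SLOTS 4   /* assumed table size, kept small for the demo */

enum arp_origin { ARP_EMPTY = 0, ARP_GLEANED, ARP_ACTIVE };

struct arp_entry {
    uint32_t ip;
    uint8_t mac[6];
    enum arp_origin origin;   /* how the mapping was learned */
    uint32_t age;             /* larger = older; a timer would bump this */
};
static struct arp_entry cache[ARP_SLOTS];

const struct arp_entry *arp_lookup(uint32_t ip)
{
    for (int i = 0; i < ARP_SLOTS; i++)
        if (cache[i].origin != ARP_EMPTY && cache[i].ip == ip)
            return &cache[i];
    return NULL;
}

/* Returns 1 if the cache changed, 0 if the update was refused. */
int arp_update(uint32_t ip, const uint8_t mac[6], enum arp_origin origin)
{
    struct arp_entry *slot = (struct arp_entry *)arp_lookup(ip);
    /* Passively gleaned data never overrides an actively resolved mapping. */
    if (slot && slot->origin == ARP_ACTIVE && origin == ARP_GLEANED) return 0;
    for (int i = 0; !slot && i < ARP_SLOTS; i++)   /* else use a free slot */
        if (cache[i].origin == ARP_EMPTY)
            slot = &cache[i];
    if (!slot) {                                   /* table full: pick a victim */
        for (int i = 0; i < ARP_SLOTS; i++) {
            struct arp_entry *e = &cache[i];
            if (e->origin > origin)
                continue;   /* gleaned traffic cannot evict active entries */
            if (!slot || e->origin < slot->origin ||
                (e->origin == slot->origin && e->age > slot->age))
                slot = e;   /* prefer gleaned victims, then the oldest */
        }
        if (!slot) return 0;   /* every slot is active: drop gleaned data */
    }
    slot->ip = ip;
    memcpy(slot->mac, mac, 6);
    slot->origin = origin;
    slot->age = 0;
    return 1;
}
```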