>Talking of ARP, at least Linux has the problem that it blindly accepts
>whatever hardware address it finds in the ARP response -- be it the
>MAC broadcast address, or a multicast one. Not sure whether other
>OSs are affected.
>
>I didn't find anything dangerous you can do with this, unless there's
>some really stupid IP stack that tries to forward IP packets that were
>sent to the MAC broadcast--that would indeed be network meltdown. But
>I haven't seen such a stack.

I'm not sure exactly what you mean by "forward" in this case... whether you mean forward in the router sense, or whether you mean forward up the IP stack inside the box.. In both cases.. I don't think it matters. Nearly all IP stacks will accept frames sent to a broadcast MAC address. That's how broadcast pings work.

If a Linux box can be tricked to think an IP address maps to the broadcast MAC address via ARP tricks, that could be really useful in a switched environment. Doesn't break anything, either, until the network melts down with broadcasts.

Ryan
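A defensive check for the behaviour discussed in this thread, as an added example that is not part of the original message: it parses Ethernet/IPv4 ARP frames and flags any whose sender hardware address is the broadcast address or a multicast (group) address. The function names and the MAC and IP addresses in the sample frames are constructed for the illustration.

```python
import struct

ETH_HDR = struct.Struct("!6s6sH")          # dst MAC, src MAC, EtherType
ARP_HDR = struct.Struct("!HHBBH6s4s6s4s")  # htype ptype hlen plen oper sha spa tha tpa
ETHERTYPE_ARP = 0x0806

def classify_mac(mac: bytes) -> str:
    """Classify a 6-byte MAC as 'broadcast', 'multicast' or 'unicast'."""
    if mac == b"\xff" * 6:
        return "broadcast"
    if mac[0] & 0x01:          # I/G bit set means a group (multicast) address
        return "multicast"
    return "unicast"

def check_arp_frame(frame: bytes):
    """Return a finding for an Ethernet/IPv4 ARP frame whose sender hardware
    address is not unicast; return None for anything else."""
    if len(frame) < ETH_HDR.size + ARP_HDR.size:
        return None
    _dst, eth_src, ethertype = ETH_HDR.unpack_from(frame, 0)
    if ethertype != ETHERTYPE_ARP:
        return None
    htype, ptype, hlen, plen, oper, sha, spa, _tha, _tpa = ARP_HDR.unpack_from(
        frame, ETH_HDR.size)
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return None
    kind = classify_mac(sha)
    if kind == "unicast":
        return None
    return {"oper": {1: "request", 2: "reply"}.get(oper, str(oper)),
            "claimed_ip": ".".join(map(str, spa)),
            "claimed_mac": sha.hex(":"),
            "mac_kind": kind,
            "frame_src": eth_src.hex(":")}

def build_arp(eth_src: str, sha: str, spa: str, oper: int = 2) -> bytes:
    """Build a constructed sample frame (test data only, never sent)."""
    dst = bytes.fromhex("020000000001")
    return (ETH_HDR.pack(dst, bytes.fromhex(eth_src), ETHERTYPE_ARP)
            + ARP_HDR.pack(1, 0x0800, 6, 4, oper, bytes.fromhex(sha),
                           bytes(map(int, spa.split("."))), dst, bytes([192, 0, 2, 1])))

# Constructed samples: a normal reply, then replies claiming broadcast/multicast MACs.
SAMPLES = [build_arp("020000000002", "020000000002", "192.0.2.10"),
           build_arp("020000000003", "ffffffffffff", "192.0.2.20"),
           build_arp("020000000003", "01005e000001", "192.0.2.30")]

if __name__ == "__main__":
    for f in SAMPLES:
        print(check_arp_frame(f))
```

The `frame_src` field records the Ethernet source address of the flagged frame, which is the value to look up in a switch's forwarding table when tracing where the reply entered the network.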
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:46:37 PDT