On Sat, 13 Jul 2002, David S. Miller wrote:
>
> You have to use specific source-routing settings in conjunction with
> enabling arp_filter in order for arp_filter to have any effect.
>
> This is a FAQ.
Frequently asked, but all I find is complex ways to work around the bug
rather than any patches. I do have the source routing settings in place,
virtually all packets sent to an IP not on the NIC are logged and
dropped, so I won't have a problem with spoofing. I did turn off the
firewall on a machine to check the problem, in practice all the packets
with incorrect MAC addresses would be dropped.
I fear someone with less draconian firewalls might accept an internal IP
address on an external NIC, however. I get about 800 log entries a month
on some machines, and they're behind a boundary router.
I thought I was missing something, clearly this is a known problem.
--
bill davidsen <davidsen@tmr.com>
CTO, TMR Associates, Inc
Doing interesting things with little computers since 1979.
This archive was generated by hypermail 2b29 : Mon Jul 15 2002 - 22:00:29 EST