
Re: help: duplicate MAC address



Hello,

On Thu, Oct 19, 2006 at 01:00:27AM +0200, Javier Fernández-Sanguino Peña wrote:
> ... a Rogue user is sending you gratuitous ARP packets to poison your cache
> for all IPs in the network ...

Please excuse me for going off the original topic, but there is
one thing I would like to clarify for myself. In the recent Linux kernels
(starting from 2.6.17 if I am not mistaken) there is a sysctl option
/proc/sys/net/ipv4/conf/*/arp_accept which is said to govern the
reception of gratuitous ARP packets. I am used to understanding gratuitous
ARP as explained in [1]. So, for example, when a user on a windooz
machine tries to set up a static IP that my Linux machine has been set to, she
will receive an IP conflict error message. I have been told that on earlier
Linux kernels (or on the last kernels with this option disabled)
the windooz user will not receive such a message in this situation.

Is this true? And what is wiser and safer: to disable this option or to have
it enabled? You say that gratuitous ARP packets can be used to poison the
cache...

[1] http://www.geocities.com/SiliconValley/Vista/8672/network/arp.html#A28

-- 
Станислав
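
As an added example (not part of the original message or thread), this POSIX shell check lists the current arp_accept value for every entry under /proc/sys/net/ipv4/conf and names the entries where it is non-zero. The function names and the optional directory argument are hypothetical; the argument exists only so the check can be run against a constructed directory tree.

```shell
#!/bin/sh
# Added example: audit the arp_accept sysctl discussed in the message above.
# Per the kernel's ip-sysctl documentation, a non-zero value lets a
# gratuitous ARP frame create a new ARP table entry for an IP that is not
# already in the table; 0 means no new entry is created.

# Print "<entry> <value>" for each conf/<entry>/arp_accept file.
# "all" and "default" are listed like any other entry.
# $1 (hypothetical, optional): directory to scan instead of the live /proc.
# Returns 1 if no arp_accept file exists (e.g. a kernel without the option).
arp_accept_report() {
    root="${1:-/proc/sys/net/ipv4/conf}"
    found=1
    for f in "$root"/*/arp_accept; do
        [ -r "$f" ] || continue            # glob unmatched or file unreadable
        found=0
        iface=$(basename "$(dirname "$f")")
        value=$(tr -d '[:space:]' < "$f")  # strip the trailing newline
        printf '%s %s\n' "$iface" "$value"
    done
    return "$found"
}

# Print only the entries whose arp_accept value is non-zero.
arp_accept_enabled() {
    arp_accept_report "$1" | while read -r iface value; do
        if [ "$value" != "0" ]; then
            printf '%s\n' "$iface"
        fi
    done
    return 0
}
```

Calling `arp_accept_enabled` with no argument inspects the running system; an entry can be set back to 0 with `sysctl -w net.ipv4.conf.<entry>.arp_accept=0`.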


