Bugtraq: FreeBSD arp poison patch

[<bert_raccoon () freemail ru>]

There is well known problem arp poisoning problem in FreeBSD. If 
arp reply is received without request FreeBSD logs error 
into syslog, but changes arp table entry. It makes possibility 
for local atacker to change arp cache entry. In network this 
behaviour can only occure when adapter changes it's MAC address. 
 
Attached is patch to check old MAC address before changing 
arp entry by sending unicast arp request to this MAC. If old MAC 
replies, no changes to arp table is made and attack is logged.  

Same patch for linux was published by Buggzy. Patch was tested for 
FreeBSD 4.6 - 5.0.

To apply patch do:
download http://freecap.ru/if_ether.c.patch
# cd /sys/netinet
# patch < /path/to/patch
and rebuild the kernel.