Home page logo
/

nanog logo nanog mailing list archives

Re: IP4 address conservation method
From: William Herrin <bill () herrin us>
Date: Wed, 5 Jun 2013 12:30:33 -0400

On Wed, Jun 5, 2013 at 12:11 PM, Mikael Abrahamsson <swmike () swm pp se> wrote:
On Wed, 5 Jun 2013, William Herrin wrote:
Both the router and host have to support sending and accepting invalid ARP
requests. Since the Linux kernel already mishandles arp by default, you're
probably begging for unexpected behavior. Double down on that if the
customer controls the server image.

Exactly what is wrong with the ARP answers and requests sent using
local-proxy-arp?

Nothing. The problem is that the arp source IP doesn't fall within the
interface netmask at the receiver. Some receivers ignore that... after
all, why do they care what the source IP is? They only care about the
source MAC. Other receivers see a spoofed packet and drop it.

Regards,
Bill Herrin


-- 
William D. Herrin ................ herrin () dirtside com  bill () herrin us
3005 Crane Dr. ...................... Web: <http://bill.herrin.us/>
Falls Church, VA 22042-3004


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault