Bugtraq mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Incorrect Linux ARP behavior

From: bmr () math uakron edu (Brandon Reynolds)
Date: Fri, 18 Sep 1998 21:54:36 -0400

On Fri, 18 Sep 1998, Seth McGann wrote:


After further investigation it appears neped.c (the Linux sniffer detector
by savage () apostols org ) operates due to a problem in
/linux/net/ipv4/arp.c.  The function arp_rcv() controls when to send ARP
...


I ran tcpdump on a machine running RH5.1 kernel version 2.1.122 and from
another linux box I ran neped and it detected nothing.  But when I ran
tcpdump on a machine running 2.0.34 it was detected.  So apparently this
has already been patched in the latest versions of the kernel.

Brandon Reynolds                                   bmr () math uakron edu
The University of Akron              (330) 972-6776 fax (330) 374-8630
Mathematics and Computer Science      http://www.math.uakron.edu/~bmr/
Previous By Date Next
Previous By Thread Next

Current thread: