lwip-users

Re: [lwip-users] how to handle ARP request that's not for me


From: address@hidden
Subject: Re: [lwip-users] how to handle ARP request that's not for me
Date: Sun, 15 Feb 2009 11:24:33 +0100
User-agent: Thunderbird 2.0.0.19 (Macintosh/20081209)

dogeye wrote:
Thank you, Kiran, for the explanation.  Yes, I got the idea, so it's
basically an implementation choice, like Windows XP doesn't update the ARP
table if the request is not for it. In this way, we can avoid the
trouble that the ARP table will fill up quickly in a large network,
and we need to search the entire table every time. There are cons and pros
for both ways. Am I right?

There is also a security issue, although I don't know how serious: When you take all incoming ARP messages as authentic, you might be more vulnerable to ARP spoofing. When you only take responses for requests you sent, you can be quite sure that if there is someone spoofing the MAC address, you will get 2 responses: one from the real host and one from the attacker. Whereas if you take all broadcasts as authentic, you might not notice that.


However, I don't know if lwIP really would detect that or if it would simply use the second response. And on the other hand, if someone controls the network infrastructure he might be able to filter out the 2nd, original, response. That's why I don't know how serious this is. But it's a fact to keep in mind when modifying this setting.

Simon
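
The policy discussed in this message, as an added example (not part of the original post and not lwIP's own code): a small ARP table that learns a MAC address only as the answer to a request it sent, and reports a second, different answer instead of silently using it. All names (arp_request_sent, arp_input, arp_lookup, the verdict values) are hypothetical, the addresses are constructed, and keeping the first answer is an assumption of this sketch.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define TABLE_SIZE 8   /* small fixed table, as on an embedded target */

enum arp_state   { ARP_EMPTY, ARP_PENDING, ARP_STABLE };
enum arp_verdict { ARP_IGNORED, ARP_LEARNED, ARP_REFRESHED, ARP_CONFLICT };

struct arp_entry { enum arp_state state; uint32_t ip; uint8_t mac[6]; };
static struct arp_entry table[TABLE_SIZE];

static struct arp_entry *find(uint32_t ip) {
    for (int i = 0; i < TABLE_SIZE; i++)
        if (table[i].state != ARP_EMPTY && table[i].ip == ip) return &table[i];
    return NULL;
}

/* Call when we broadcast a request for ip. Returns 0, or -1 if the table is full. */
int arp_request_sent(uint32_t ip) {
    if (find(ip)) return 0;
    for (int i = 0; i < TABLE_SIZE; i++)
        if (table[i].state == ARP_EMPTY) {
            table[i].state = ARP_PENDING; table[i].ip = ip; return 0;
        }
    return -1;
}

/* Call with the sender IP/MAC of every received ARP packet. */
enum arp_verdict arp_input(uint32_t ip, const uint8_t mac[6]) {
    struct arp_entry *e = find(ip);
    if (!e) return ARP_IGNORED;            /* unsolicited: never creates an entry */
    if (e->state == ARP_PENDING) {         /* first answer to our own request */
        memcpy(e->mac, mac, 6); e->state = ARP_STABLE; return ARP_LEARNED;
    }
    if (memcmp(e->mac, mac, 6) == 0) return ARP_REFRESHED;
    /* A different MAC for the same IP: report it. Assumption: keep the first
       answer. Arrival order does not prove which sender is genuine. */
    return ARP_CONFLICT;
}

/* Returns the stored MAC for ip, or NULL if nothing has been learned yet. */
const uint8_t *arp_lookup(uint32_t ip) {
    struct arp_entry *e = find(ip);
    return (e && e->state == ARP_STABLE) ? e->mac : NULL;
}

int main(void) {   /* constructed addresses: 10.0.0.1 and two locally administered MACs */
    const uint8_t host[6] = {0x02,0,0,0,0,0x01}, other[6] = {0x02,0,0,0,0,0x02};
    arp_request_sent(0x0a000001);
    int first = (int)arp_input(0x0a000001, host);
    int second = (int)arp_input(0x0a000001, other);
    printf("first=%d second=%d\n", first, second);
    return 0;
}
```

Entries never expire in this sketch; a real table would age them out, and a conflict would normally be logged or counted so an operator can see it.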



