Ed Sawicki wrote:
> I notice that some Unix hosts allow for the publishing
> of one or more hosts in their ARP tables using the "pub"
> parameter in a "arp -s" command. This allows the host
> to respond to ARP requests on behalf of other hosts.
>
> 1. Under what conditions is this useful?
This can be very useful if you are running NAT on a firewall. For
example, let's say that the external interface of your firewall is
192.168.1.2. Let's also assume that you have 5 internal SMTP servers.
The "pub" function, along with a static mapping NAT firewall, would
allow you to use IP addresses 192.168.1.3 - 192.168.1.7 for each of the
internal mail hosts. "pub" tells the underlying OS to respond to ARP
requests from other devices on the subnet (like the router sitting
between you and your ISP).
> 2. What are the security implications of this?
Hmm. Could cause a denial of service in the wrong hands, but no more so
than a machine configured with the wrong IP address.
> 3. Do firewalls deal with this issue at all?
See item #1. :)
Cheers,
Chris
--
**************************************
cbrenton@sover.net
http://www.amazon.com/exec/obidos/ISBN=0782120822/0740-8883012-887529
"We've heard that a million monkeys at a million keyboards
could produce the Complete Works of Shakespeare; now,
thanks to the Internet, we know this is not true."
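An added, worked example of the setup Chris describes, plus a check for the failure mode he raises under question 2. It is not part of the original message or of any product mentioned; it assumes the firewall's external interface is eth0, that its MAC is the placeholder 00:11:22:33:44:55, that the five published addresses are 192.168.1.3 through 192.168.1.7 as in the reply, and that the ARP capture lines are constructed in the format `tcpdump -n arp` prints.

```shell
#!/bin/sh
# Example script (not from the original post). Assumed values: external
# interface eth0, placeholder MAC 00:11:22:33:44:55, published range .3-.7.
EXT_IF="${EXT_IF:-eth0}"
EXT_MAC="${EXT_MAC:-00:11:22:33:44:55}"   # placeholder, not a real MAC

# Emit one "arp -s <ip> <mac> pub" line per address in a range.
# Usage: gen_pub_arp_cmds <prefix> <first> <last> <mac>
gen_pub_arp_cmds() {
    prefix=$1; first=$2; last=$3; mac=$4
    i=$first
    while [ "$i" -le "$last" ]; do
        printf 'arp -s %s.%s %s pub\n' "$prefix" "$i" "$mac"
        i=$((i + 1))
    done
}

# Run the generated commands (root required). DRY_RUN=1 (default) only prints.
publish_range() {
    gen_pub_arp_cmds "$@" | while IFS= read -r cmd; do
        if [ "${DRY_RUN:-1}" = 1 ]; then echo "$cmd"; else eval "$cmd"; fi
    done
}

# Confirm the kernel table carries a published entry for an address.
# net-tools `arp -an` shows "PERM PUB" on Linux and "published" on BSD.
is_published() {
    arp -an 2>/dev/null | grep -F "($1)" | grep -Eiq 'PUB|published'
}

# Question 2's failure mode: someone else publishing your addresses.
# Scan tcpdump-style ARP replies and report any IP answered by more than
# one MAC. Usage: conflicting_arp_replies < capture.txt
conflicting_arp_replies() {
    awk '
    /ARP, Reply/ {
        # tcpdump -n arp: "<time> ARP, Reply <ip> is-at <mac>, length 28"
        for (k = 1; k <= NF; k++) if ($k == "Reply") ip = $(k + 1)
        for (k = 1; k <= NF; k++) if ($k == "is-at") { mac = $(k + 1); sub(/,$/, "", mac) }
        key = ip SUBSEP mac
        if (!(key in seen)) { seen[key] = 1; count[ip]++; macs[ip] = macs[ip] " " mac }
    }
    END { for (ip in count) if (count[ip] > 1) print ip ":" macs[ip] }' | sort
}

# Constructed capture: the firewall answers for .3 and .4, then a second
# host (de:ad:be:ef:00:01) also claims .3, i.e. the contested case.
SAMPLE_CAPTURE='12:00:00.000001 ARP, Request who-has 192.168.1.3 tell 192.168.1.1, length 28
12:00:00.000002 ARP, Reply 192.168.1.3 is-at 00:11:22:33:44:55, length 28
12:00:00.000003 ARP, Reply 192.168.1.4 is-at 00:11:22:33:44:55, length 28
12:00:00.000004 ARP, Reply 192.168.1.3 is-at de:ad:be:ef:00:01, length 28
12:00:00.000005 ARP, Reply 192.168.1.3 is-at 00:11:22:33:44:55, length 28'

# Demo on constructed data (no root or network needed).
publish_range 192.168.1 3 7 "$EXT_MAC"
printf '%s\n' "$SAMPLE_CAPTURE" | conflicting_arp_replies
```

Set DRY_RUN=0 and run as root to actually install the entries, then call is_published on each address. On a current Linux box without net-tools, the equivalent of a published entry is `ip neigh add proxy 192.168.1.3 dev eth0`; the detection function works the same either way since it only reads tcpdump output.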