This comes up every year or so on some list or another.

Linux will send traffic for any of its addresses through any interface.
This is allowed in RFC 1122 section You can change this behavior
by doing this:

echo 1 > /proc/sys/net/ipv4/conf/all/hidden
echo 1 > /proc/sys/net/ipv4/conf/eth0/hidden
echo 1 > /proc/sys/net/ipv4/conf/eth1/hidden

On Sun, 21 Apr 2002, Bartłomiej Konarski wrote:

> Hi,
> I have a small problem.
> Situation:
> We have a Linux box running kernel 2.4 with 2 NICs.
> Let's assume that
>       eth0 IP MAC 11:11:11:11:11:11,
>       eth1 IP MAC 22:22:22:22:22:22
> We can even safely set the eth1 interface down, remove a patchcord from
> this interface or it can be dummy0 interface.
> On the second machine from network (in our case we try:
> # arping
> and we got the reply:
> Unicast reply from [11:11:11:11:11:11]  0.765ms
> Looks strange - there is no proxy-arp turned on on any of the interfaces.
> What can we do with this knowledge ? For example we can try to find
> suspected masquerade machines in our network.
> It is also very easy to scan for private networks behind the suspected
> machines.
> We tried this under Linux kernel 2.4
> This technique didn't work with multihomed MS-Windows machine.
> It didn't work on Cisco 2500 series either.
> The questions are:
> How to turn this off ?
> Is it only a feature of the kernel series 2.4 ?

Edward Fahner
Systems Administrator, Planet Communications Network
(540) 442-6677 x222 [aka. Akatosh  .CU.Au, [EMAIL PROTECTED]]
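
An added example, not part of the original message: a small audit for the "hidden" settings shown in the reply above, reporting per interface whether the flag is set, unset, or not offered by the running kernel. It assumes the flag only takes effect when both the all/ entry and the device entry are 1 (which is why the reply sets both); the function names and the overridable root directory are made up for this example.

```shell
#!/bin/sh
# Added example: audit the per-interface "hidden" flags from the reply above.
# Usage on a live box: hidden_audit            (reads /proc/sys/net/ipv4/conf)
# Offline / testing:   hidden_audit /some/dir  (a copy of that tree)

# hidden_state ROOT IFACE -> prints "hidden", "exposed" or "missing"
hidden_state() {
    root=$1; ifc=$2
    all_file="$root/all/hidden"
    dev_file="$root/$ifc/hidden"
    # If the kernel does not expose these entries, the echo commands from
    # the reply cannot take effect; report that instead of guessing.
    if [ ! -r "$all_file" ] || [ ! -r "$dev_file" ]; then
        echo missing
        return 0
    fi
    all=$(cat "$all_file"); dev=$(cat "$dev_file")
    # Assumption: the flag is active only when set in all/ AND in the device.
    if [ "$all" = "1" ] && [ "$dev" = "1" ]; then
        echo hidden
    else
        echo exposed
    fi
}

# hidden_audit [ROOT] -> one "iface state" line per interface directory.
# Returns non-zero if any interface is not hidden, so it can gate a check.
hidden_audit() {
    root=${1:-/proc/sys/net/ipv4/conf}
    rc=0
    for dir in "$root"/*/; do
        [ -d "$dir" ] || continue
        ifc=$(basename "$dir")
        # all/ and default/ are templates, not interfaces.
        case $ifc in all|default) continue ;; esac
        state=$(hidden_state "$root" "$ifc")
        echo "$ifc $state"
        [ "$state" = "hidden" ] || rc=1
    done
    return $rc
}
```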
