ARP requests do not route. They always stay within the physical subnet. -----Original Message----- From: Linux on 390 Port [mailto:[EMAIL PROTECTED] Behalf Of shogunx Sent: Tuesday, July 12, 2005 7:44 AM To: LINUX-390@VM.MARIST.EDU Subject: Re: Denial of service attack
On Tue, 12 Jul 2005, Alan Cox wrote: > On Maw, 2005-07-12 at 05:05, shogunx wrote: > > > Verifying source is fairly hard except for internal network traffic. > > > > Perhaps a quick arp lookup on the ip address indicated in the packets, and > > a comparison to the originating mac address's ip. Who would that exclude? > > Forged ip addresses. Virtual hosts, in some instances. > > Anything behind a router Why on this one? Do modern routers break arp? > and anything not with differing in and out > routing paths. How is that accomplished? I tried that some time ago, without success. > Anything being load balanced over multiple cables..... This make sense. Good point. > > ---------------------------------------------------------------------- > For LINUX-390 subscribe / signoff / archive access instructions, > send email to [EMAIL PROTECTED] with the message: INFO LINUX-390 or visit > http://www.marist.edu/htbin/wlvindex?LINUX-390 > sleekfreak pirate broadcast http://sleekfreak.ath.cx:81/ ---------------------------------------------------------------------- For LINUX-390 subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390 ---------------------------------------------------------------------- For LINUX-390 subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390