>From a quick glance over the patch, it seems pretty useless unless you also prevent MAC spoofing. You may want to look into port security for your switches or 802.1x if this is a big concern to you.
Cheers, Paul 'WEiRD' de Weerd On Mon, Mar 09, 2009 at 02:11:38PM +0200, irix wrote: | Hello Misc, | | How to protect your server from such attacks without the use of static arp entries? | By freebsd 5.0 patch was written arp_antidote (http://freecap.ru/if_ether.c.patch), | somebody could port it on openbsd? | | Also, in freebsd it is possible to specify a flag through the ifconfig | on the interface "staticarp", while "If the Address Resolution Protocol is enabled, | the host will only reply to requests for its addresses, and will never send anyrequests." | May you made this flag in openbsd ? | -- | Best regards, | irix mailto:i...@ukr.net | -- >++++++++[<++++++++++>-]<+++++++.>+++[<------>-]<.>+++[<+ +++++++++++>-]<.>++[<------------>-]<+.--------------.[-] http://www.weirdnet.nl/
