On Mon, Mar 9, 2009 at 9:15 AM, Eric Furman <ericfur...@fastmail.net> wrote: > On Mon, 9 Mar 2009 16:54:27 +0100, "Felipe Alfaro Solana" > <felipe.alf...@gmail.com> said: >> On Mon, Mar 9, 2009 at 1:11 PM, irix <i...@ukr.net> wrote: >> >> > Hello Misc, >> > >> > How to protect your server from such attacks without the use of static arp >> > entries? >> > By freebsd 5.0 patch was written arp_antidote ( >> > http://freecap.ru/if_ether.c.patch), >> > somebody could port it on openbsd? >> > >> > Also, in freebsd it is possible to specify a flag through the ifconfig >> > on the interface "staticarp", while "If the Address Resolution Protocol is >> > enabled, >> > the host will only reply to requests for its addresses, and will never send >> > anyrequests." >> > May you made this flag in openbsd ? >> >> >> ARP is insecure, no matter how many patches you apply or how many hacks >> you >> try. If you want something more secure, use 802.1X, use security on the >> switch, use IPv6+IPSec/SeND, etc. > > ARP was designed by Nazis. > So, die now thread. DIE DIE
<delurk> I believe that this qualifies as 'Quirk's exception'. <lurk>