-----Original Message-----
From: Stephane Nasdrovisky [mailto:[EMAIL PROTECTED]
Sent: Wednesday, July 23, 2003 2:05 PM
To: [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Subject: Re: ARP Spoof Question

>> I have a small question. I was reading about ARP Spoofing and here is my question.
>> So when Node B is an attacker he catches the ARP Request and sends his
>> MAC address in reply to Node A.

> Node B can also send "gratuitous arp". Basically these are broadcast arp replies without any request. Most hosts send gratuitous arp when they boot so that the neighbourhood knows about them.

>> Q1. My question is, Node C will also reply to that request of Node A. So
>> now Node A has 2 different MAC for the same IP. How is Node A handling
>> this situation???

> Usually, the last arp reply overrides the existing one. Some ip stacks may decide to make arp replies to their own queries more reliable than gratuitous arps, I'm not sure whether a required behaviour is described in the rfcs.

>> Q2. The switch also updates its table of IP/MAC address bindings, so how
>> is switch handling this situation???

> Switches are layer 2 devices, IP begins at layer 3. A -switch- usually doesn't understand a single ip bit. The management side of the switch (snmp, http, telnet, whatever) is to be considered as any other networked host.

------------------------

How would that apply to a layer 3 switch/router? Actually the packaging says that I have a Residential Gateway/Router/Firewall. Aren't gateways layer 7 devices? While switches are layer 2 devices, they deal with MAC addresses, right? Maybe a "smart" switch knows which MAC addresses are allowed on the network? Or am I missing it all here?

--Rivera--
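
Added example, not part of the original messages: a passive monitor that tracks IP-to-MAC bindings from ARP traffic and flags the two cases discussed in the thread, a reply nobody asked for and a later reply that overrides an existing binding. The ArpWatch class, the addresses and the packets are constructed for illustration.

```python
import struct
from ipaddress import IPv4Address

ARP_FMT = "!HHBBH6s4s6s4s"  # ARP body for Ethernet/IPv4 (RFC 826), 28 bytes
REQUEST, REPLY = 1, 2

def build_arp(oper, sha, spa, tha, tpa):
    """Pack a constructed ARP body; used only to make sample input."""
    raw = lambda m: bytes.fromhex(m.replace(":", ""))
    return struct.pack(ARP_FMT, 1, 0x0800, 6, 4, oper, raw(sha),
                       IPv4Address(spa).packed, raw(tha), IPv4Address(tpa).packed)

class ArpWatch:
    """Hypothetical passive monitor: learns bindings, reports conflicts."""
    def __init__(self):
        self.bindings = {}    # IP -> MAC most recently claimed
        self.pending = set()  # (requester IP, wanted IP) still unanswered

    def observe(self, body):
        """Process one ARP body and return a list of alert strings."""
        *_, oper, sha, spa, _tha, tpa = struct.unpack(ARP_FMT, body[:28])
        sha = ":".join(f"{b:02x}" for b in sha)
        spa, tpa = str(IPv4Address(spa)), str(IPv4Address(tpa))
        alerts = []
        if oper == REQUEST and spa != tpa:
            self.pending.add((spa, tpa))
        elif oper == REPLY and (tpa, spa) in self.pending:
            self.pending.discard((tpa, spa))   # answers a request we saw
        elif oper == REPLY:
            alerts.append(f"unsolicited reply: {spa} is-at {sha}")
        old = self.bindings.get(spa)
        if old is not None and old != sha:     # last claim overrides the first
            alerts.append(f"binding changed: {spa} {old} -> {sha}")
        self.bindings[spa] = sha
        return alerts

def demo():
    """Node A asks for C; C answers; B then claims C's IP (all constructed)."""
    a, b, c = "02:00:00:00:00:0a", "02:00:00:00:00:0b", "02:00:00:00:00:0c"
    none = "00:00:00:00:00:00"
    packets = [
        build_arp(REQUEST, a, "192.0.2.1", none, "192.0.2.3"),
        build_arp(REPLY, c, "192.0.2.3", a, "192.0.2.1"),
        build_arp(REPLY, b, "192.0.2.3", a, "192.0.2.1"),
    ]
    watch = ArpWatch()
    return [watch.observe(p) for p in packets]
```

If the second claim arrives before the genuine reply, the genuine reply is the one that gets flagged; either order surfaces the conflict for the same IP.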
