Hi, I am wondering why linux do not recognize if someone steal it's IP,
this could be a serious security problem. infact linux, Instead of Windows and freebsd and other operative system, when boot or give up a virtual IP on an interface do not send gratious arp but only ask for the gateway arp and than answer to the query for it's IP.
Because of this, If I have a gateway, with IP IPA, and set a desktop/server on the lan with the same ip IPA, when it start it will be the new gateway for the all network.
but try:
- Suppose the gateway is in high availability, it will have phisical IP
and a logical IP the logical one is known from the host of lan as default
gateway.
- Suppose to set a server/desktop with a virtual IP eth0:1 with the logical
IP of the real gateway, send a broadcast arp, set ip_forward=1, and route
all the traffic to the phisical IP of the original gateway.
- Now there is a new gateway for all host on the net, and the real gateway
will trust (with the trust I have on my server) the traffic that I forward
to his because it come form a trusted real IP ,
With this I have create a by-pass of the firewall!!! this is not good!, I could se all traffic, make a man in the middle, see the database data userid e password and so on. But the worst is that if it happen on a DMZ I could create a big DOS, without someone thinks the gateway IP has been steal form someother!
If linux would send a gratious arp when it give up an IP real or virtaul this problem will not be possible, because it could not bind a IP that is already present on the net.
Alessandro Fiorenzi aka NetExpress
[EMAIL PROTECTED] http://web.tiscali.it/Fiorenzi
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
