> I can't think of a way this is a security problem - can you point this out
> please? With the exception that a DOS might be mounted by sending packets
> to the wrong MAC address that are later discarded... But you'll have to
> stop them at the source, not at the receivers, to prevent the DOS.

There is a class of attacks based on mismatches between MAC and IP addressing. For example, if a node is a member of an IP group, it is possible to send it a packet where the MAC destination is the unicast MAC address of the node, while the IP destination is the group address. Or vice versa, send a packet where the MAC destination is a multicast address, but the IP destination is a unicast address. Hackers can use the first technique to disrupt the operation of multicast groups, and the second one to mount some forms of denial of service attacks.

These attacks require that the attacker be connected on the same link as a target, but there are cases such as public access wireless where this isn't much of a mitigation. (University dorms are also a great place for such attacks.)

-- Christian Huitema

--------------------------------------------------------------------
IETF IPng Working Group Mailing List
IPng Home Page: http://playground.sun.com/ipng
FTP archive: ftp://playground.sun.com/pub/ipng
Direct all administrative requests to [EMAIL PROTECTED]
--------------------------------------------------------------------
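
A receiver-side consistency check for the MAC/IP destination mismatch described in the reply above, as an added example that is not part of the original message. It assumes IPv6 over Ethernet with the RFC 2464 multicast mapping; the function names and sample frames are constructed for illustration.

```python
import ipaddress

# Constructed sample frames: (Ethernet destination MAC, IPv6 destination).
SAMPLE_FRAMES = [
    ("33:33:00:00:00:01", "ff02::1"),            # all-nodes, correct mapping
    ("00:11:22:33:44:55", "ff02::1:ff33:4455"),  # group IP, unicast MAC
    ("33:33:ff:33:44:55", "2001:db8::1"),        # unicast IP, multicast MAC
    ("33:33:00:00:00:02", "ff02::1"),            # group IP, wrong group MAC
    ("00:11:22:33:44:55", "2001:db8::1"),        # ordinary unicast
]

def mac_bytes(mac: str) -> bytes:
    octets = bytes(int(part, 16) for part in mac.split(":"))
    if len(octets) != 6:
        raise ValueError(f"not a 48-bit MAC address: {mac!r}")
    return octets

def is_group_mac(mac: bytes) -> bool:
    # The I/G bit (low bit of the first octet) marks a group address.
    return bool(mac[0] & 0x01)

def expected_multicast_mac(ip: ipaddress.IPv6Address) -> bytes:
    # RFC 2464: 33:33 followed by the low 32 bits of the IPv6 group address.
    return b"\x33\x33" + ip.packed[-4:]

def classify(dst_mac: str, dst_ip: str) -> str:
    mac = mac_bytes(dst_mac)
    ip = ipaddress.IPv6Address(dst_ip)
    if ip.is_multicast and not is_group_mac(mac):
        return "multicast-ip-in-unicast-frame"
    if not ip.is_multicast and is_group_mac(mac):
        return "unicast-ip-in-multicast-frame"
    if ip.is_multicast and mac != expected_multicast_mac(ip):
        return "multicast-mac-mapping-mismatch"
    return "consistent"

def audit(frames):
    # Return only the frames whose link-layer and IP destinations disagree.
    return [(m, i, classify(m, i)) for m, i in frames if classify(m, i) != "consistent"]

if __name__ == "__main__":
    for mac, ip, finding in audit(SAMPLE_FRAMES):
        print(f"{finding}: dst_mac={mac} dst_ip={ip}")
```

RFC 6085 allows a sender to use a unicast link-layer address for an IPv6 multicast packet in limited cases, so the first finding is a signal to review rather than proof of abuse.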
