On Thu, Nov 13, 2008 at 08:33:52AM +1100, Boyd Adamson wrote:
> James Carlson <[EMAIL PROTECTED]> writes:
> > Peter Memishian writes:
> >> That said:
> >>
> >> # ndd -set /dev/arp arp_probe_count 0
> >> # ndd -set /dev/arp arp_fastprobe_count 0
> >> # ndd -set /dev/arp arp_defend_interval 0
> >
> > That won't actually disable DAD. If we detect conflicts on a running
> > interface, we'll still take it down. There's no supported means to
> > turn it completely off, and that's by intention. Networks with
> > duplicate addresses are simply broken.
>
> This is probably a stupid question, but:
>
> Doesn't that provide a rather trivial DOS attack vector?
An on-link DoS, yes, but it existed anyways. Typically this DoS is
mitigated by physical security (wired nets), link-layer security
(wireless nets), and the fact that ARP isn't routed.

Nico
--
_______________________________________________
networking-discuss mailing list
[email protected]
