[8148] in North American Network Operators' Group
Re: How to protect registered IP addresses
daemon@ATHENA.MIT.EDU (Hui-Hui Hu)
Thu Mar 13 09:58:03 1997
To: nanog@merit.edu
In-reply-to: Your message of "Wed, 12 Mar 1997 19:19:58 MST."
<000000508582941064398@corpserver.netasset.com>
Date: Thu, 13 Mar 1997 09:49:32 -0500
From: Hui-Hui Hu <hhui@stardot.com>

Princeton has a piece of code that ARP bombs unregistered hosts. IPs that
are broken get sent an ARP packet with the same IP and an Ethernet
address of 00:00:00:de:ad or something. This is usually enough to disable
Windows 95 boxes (since they do a RARP call when they boot up to check
for duplicates) and some other OSes too. This provides a quick filter
before actually blocking things at the router level, which is more expensive.
Of course the clueful can easily get around this, but hey.

-Tung-Hui Hu / Arc Four / hhui@arcfour.com
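
The conflicting ARP claims described in the message above can be spotted passively on the wire. The following is an added example, not part of the original post and not Princeton's code: it parses captured Ethernet frames and reports ARP sender claims that disagree with a registration table. The names `parse_arp`, `find_conflicts`, `REGISTRY` and `FRAMES` are hypothetical, and all addresses and frames are constructed sample data.

```python
import struct
from ipaddress import IPv4Address

ETHERTYPE_ARP = 0x0806

def mac_str(raw):
    return ":".join(f"{b:02x}" for b in raw)

def parse_arp(frame):
    """Return the ARP fields of an Ethernet frame, or None if it is not IPv4-over-Ethernet ARP."""
    if len(frame) < 42 or struct.unpack("!H", frame[12:14])[0] != ETHERTYPE_ARP:
        return None
    htype, ptype, hlen, plen, oper = struct.unpack("!HHBBH", frame[14:22])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return None
    return {"eth_src": mac_str(frame[6:12]), "oper": oper,
            "sha": mac_str(frame[22:28]), "spa": str(IPv4Address(frame[28:32]))}

def find_conflicts(frames, registry):
    """registry maps IP -> registered MAC; return (ip, mac, reason) for each suspicious claim."""
    alerts = []
    for frame in frames:
        arp = parse_arp(frame)
        if arp is None or arp["spa"] == "0.0.0.0":  # ARP probes claim no address
            continue
        ip, mac = arp["spa"], arp["sha"]
        if ip not in registry:
            alerts.append((ip, mac, "unregistered"))
        elif mac != registry[ip]:
            alerts.append((ip, mac, "mac-mismatch"))
        if arp["sha"] != arp["eth_src"]:  # ARP sender differs from the frame's real source
            alerts.append((ip, mac, "sha-differs-from-frame-source"))
    return alerts

def build(eth_src, sha, spa, oper=2):
    """Assemble a constructed broadcast ARP frame for the sample data below."""
    mac = lambda s: bytes.fromhex(s.replace(":", ""))
    ip = IPv4Address(spa).packed
    return (b"\xff" * 6 + mac(eth_src)
            + struct.pack("!HHHBBH", ETHERTYPE_ARP, 1, 0x0800, 6, 4, oper)
            + mac(sha) + ip + b"\x00" * 6 + ip)

# Constructed sample data (documentation IP range, locally administered MACs).
REGISTRY = {"192.0.2.10": "02:00:00:00:00:10"}
FRAMES = [
    build("02:00:00:00:00:10", "02:00:00:00:00:10", "192.0.2.10"),  # legitimate owner
    build("02:00:00:00:00:01", "02:00:00:00:00:99", "192.0.2.10"),  # conflicting claim
    build("02:00:00:00:00:77", "02:00:00:00:00:77", "192.0.2.77"),  # unregistered host
    b"\x00" * 10,                                                   # truncated, ignored
]

if __name__ == "__main__":
    for alert in find_conflicts(FRAMES, REGISTRY):
        print(alert)
```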