[ringzero] Re: just a musing..

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 2007-01-24 09:32 -0000, ed@xxxxxxx wrote:
>> Everything from packet spoofing to DoS with a constantly
>> changing MAC address would become trivial.
> 
> well, the DoS would extend on as far as the router, outside of that the
> router controls the MAC address itself, so it would be a pretty limited
> DoS.

Please do tell me how you'd reach from elsewhere on the LAN (including
the router) a system that has a constantly changing hardware address.
If done often enough (which would be easy if the NIC itself does not
do rate limiting on MAC address changes) then ARP and/or
MAC-to-switch-port resolution might not be able to keep up, and even
if they are able to keep up, the caches would quickly fill up leading
to a large increase in locally undeliverable packets (since some of
that data would have to be discarded to keep the tables within the
memory constraints of the switch), potentially affecting unrelated
systems as well.

A DoS does not have to affect any other system at all in order to be a
denial of service.

- -- 
Michael Kjörling, michael@xxxxxxxxxxxx - http://michael.kjorling.com/
* ..... No bird soars too high if he soars with his own wings ..... *
* ASCII Ribbon Campaign: Against HTML Mail, Proprietary Attachments *
* PGP/GnuPG encrypted e-mail preferred * OpenPGP key ID: 0xBDE9ADA6 *

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFFt1N+dY+HSb3praYRApgMAKCUPMNE7vFttEzRHpFo2NHYziYbawCdGqf+
K6yLqvE3vlbB7FDZ9x7+kb0=
=CjCB
-----END PGP SIGNATURE-----
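
The table-exhaustion effect described in the message above can be watched for from the switch side. The following is an added example, not part of the original post: it flags ports on which too many distinct source MACs are learned within a sliding window. The port names, window length, threshold and sample events are all constructed assumptions.

```python
from collections import defaultdict

# Constructed sample MAC-learn events: (seconds, switch port, source MAC).
STABLE = [(i * 2.0, "Gi0/1", "00:16:3e:00:00:01") for i in range(10)]
# Uplink port carrying three legitimate hosts.
UPLINK_MACS = ["00:16:3e:00:10:01", "00:16:3e:00:10:02", "00:16:3e:00:10:03"]
UPLINK = [(i * 1.0, "Gi0/24", UPLINK_MACS[i % 3]) for i in range(20)]
# A host presenting a new locally administered MAC every half second.
CHURN = [(i * 0.5, "Gi0/2", f"02:00:00:00:{i >> 8:02x}:{i & 0xff:02x}")
         for i in range(40)]
EVENTS = STABLE + UPLINK + CHURN


def churning_ports(events, window=10.0, max_macs=5):
    """Return {port: peak distinct MACs seen within `window` seconds}
    for every port whose peak exceeds `max_macs` (both values assumed)."""
    last_seen = defaultdict(dict)   # port -> {mac: time last seen}
    peak = defaultdict(int)         # port -> largest table size observed
    for ts, port, mac in sorted(events):
        macs = last_seen[port]
        macs[mac] = ts
        # Age out entries older than the window, as a bridge table would.
        for stale in [m for m, t in macs.items() if ts - t > window]:
            del macs[stale]
        peak[port] = max(peak[port], len(macs))
    return {port: n for port, n in peak.items() if n > max_macs}


if __name__ == "__main__":
    for port, n in sorted(churning_ports(EVENTS).items()):
        print(f"{port}: {n} distinct MACs inside one window")
```

A per-port limit on learned addresses, as switch port-security features provide, bounds the same quantity at the point of learning instead of reporting it afterwards.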