Subject: Re: Article
To: Mihai Chelaru <kefren@netbastards.org>
From: Steven M. Bellovin <smb@research.att.com>
List: current-users
Date: 01/09/2003 11:06:46
In message <200301091749.47019.kefren@netbastards.org>, Mihai Chelaru writes:
>Anyone read this?
>http://www.eweek.com/article2/0,3959,809353,00.asp?kc=EWTH102099TX1K0100487
>
>"The Linux, NetBSD and Microsoft Windows operating systems are known to
>have vulnerable link layer implementations, and it is extremely likely
>that other operating systems are also affected."
>
>Any official position regarding this?
>
Speaking for myself, I think this is a non-issue. (It's also been
known for years.) It's only a vulnerability if the attacker is on the
same LAN; if that's the case, ARP-spoofing can yield all traffic, not
just a few bytes from random packets. (If it's an unswitched LAN, you
don't even need that.)
--Steve Bellovin, http://www.research.att.com/~smb (me)
http://www.wilyhacker.com (2nd edition of "Firewalls" book)