Subject: Re: Reimplementing broadcast check for ARP
To: der Mouse <mouse@Rodents.Montreal.QC.CA>
From: Ignatios Souvatzis <firstname.lastname@example.org>
Date: 10/02/1997 20:41:14
> What DOS potential? I can't see how you can use this as a DOS attack
> in any situation where you couldn't equally well perform a DOS attack
> by arp poisoning with nonexistent unicast Ether addresses....
Yes, you're right. However, it might be a bit more dangerous to use a multicast
address... if the host you've poisoned sends large amounts of data to the
poisoned address, because you would create interupt load on all members of
the used multicast group.
This said: you needn't convince me anymore, I've tested ==A== on Ethernet
(Sparc LX, Pentium) and am just about to do the same at home with ARCnet.