Subject: Re: Needing help with preventing IP theft
To: None <tech-net@netbsd.org>
From: Greg A. Woods <woods@weird.com>
List: tech-net
Date: 08/11/2000 18:46:34
[ On Friday, August 11, 2000 at 22:17:43 (+0200), Sean Doran wrote: ]
> Subject: Re: Needing help with preventing IP theft
>
> Likewise, why must the gateway use ARP at all, if it is under the
> control of authority granting IP addresses (via DHCP, for example)
> in the first place?

Indeed!  This is the way the Terayon Cable ``modems'' work.  They proxy
DHCP requests through to a real normal DHCP server, setting up state
tables and a fixed ARP cache based on the successful offer, so that
only one IP/MAC mapping can exist at any one time.  (Terayon's gateway
has a default mode where it'll create ARP cache entries based on trust
too, but hopefully they're getting the bugs worked out which cause this
mode to be the only one which works reliably....)

They're doing something very much like ATM too so I don't see why DSL
``modems'' couldn't work in much the same way.

The only real way to deal with lack of trust in an ARP environment is
on the gateway itself because if you can't get the gateway to honour
your MAC address then you're screwed even if you can still send packets
to the gateway (esp. in DSL or switched environments where you can't
normally see the spoofer's traffic).

In any case that's a blue-sky vision, and not something that'll solve
existing problems.....

As Comer says in the new 4th edition of Internetworking with TCP/IP
Volume 1 (that I just happened to receive today!), "ARP is based on the
idea that all machines co-operate and that any response is legitimate."
ARP is definitely not a protocol suitable for inter-nets, and so DSL
bridges are probably a bad idea right from the start!

So, I do think that the best interim solution (i.e. besides finding a
new network provider) is to send an ARP broadcast and then ping the
gateway to see if you get an answer and repeat as necessary.  And maybe
also send an ARP broadcast on behalf of the "other" guy that gives him
an unused link-local address or something too!  At least if you do fill
the pipe with broadcasts and other crap, and especially if the other guy
tries to do the same at the same time, you'll get the attention of
someone!  (and you might just prevent the other guy from spoofing you
too in the rare occasion where such theft is malicious!)

-- 
							Greg A. Woods

+1 416 218-0098      VE3TCP      <gwoods@acm.org>      <robohack!woods>
Planix, Inc. <woods@planix.com>; Secrets of the Weird <woods@weird.com>
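The fixed one-IP-one-MAC binding that the post describes for the Terayon gateway, turned into a small monitor that parses ARP frames and flags any sender that contradicts a known binding table. This is an added example, not code from the thread or from any product named in it; the frames, MAC addresses and 192.0.2.0/24 addresses are constructed sample data, and `bindings` stands in for a table derived from DHCP leases.

```python
import struct
from ipaddress import IPv4Address

ETHERTYPE_ARP = 0x0806
ARP_FMT = "!HHBBH6s4s6s4s"  # htype, ptype, hlen, plen, oper, sha, spa, tha, tpa


def build_arp(oper, sha, spa, tha, tpa):
    """Build an Ethernet+ARP frame; used here only to construct sample traffic."""
    dst = b"\xff" * 6 if oper == 1 else tha  # requests are broadcast, replies unicast
    eth = struct.pack("!6s6sH", dst, sha, ETHERTYPE_ARP)
    return eth + struct.pack(ARP_FMT, 1, 0x0800, 6, 4, oper, sha,
                             IPv4Address(spa).packed, tha, IPv4Address(tpa).packed)


def parse_arp(frame):
    """Return (oper, sender_mac, sender_ip) or None if not IPv4-over-Ethernet ARP."""
    if len(frame) < 42:
        return None
    _, _, ethertype = struct.unpack("!6s6sH", frame[:14])
    if ethertype != ETHERTYPE_ARP:
        return None
    htype, ptype, hlen, plen, oper, sha, spa, _, _ = struct.unpack(ARP_FMT, frame[14:42])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return None
    return oper, sha, str(IPv4Address(spa))


class ArpBindingMonitor:
    """Hold one MAC per IP (e.g. from DHCP leases) and flag frames that contradict it."""
    def __init__(self, bindings):
        self.bindings = {ip: bytes.fromhex(mac.replace(":", "")) for ip, mac in bindings.items()}

    def observe(self, frame):
        """Return an alert string for a conflicting sender, else None."""
        parsed = parse_arp(frame)
        if parsed is None:
            return None  # not ARP: nothing to check
        oper, sha, spa = parsed
        bound = self.bindings.get(spa)
        if bound is None:
            self.bindings[spa] = sha  # first sighting of an unbound IP: record it
            return None
        if bound != sha:
            kind = "request" if oper == 1 else "reply"
            return f"ARP {kind}: {spa} claimed by {sha.hex(':')} but bound to {bound.hex(':')}"
        return None


def scan(bindings, frames):
    """Run the monitor over a list of frames and collect the alerts."""
    mon = ArpBindingMonitor(bindings)
    return [alert for alert in map(mon.observe, frames) if alert]
```

A gateway that only ever populated its ARP cache from the DHCP offer would treat every such alert as a frame to drop rather than a mapping to learn.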