On Thu, 26 Jan 1995, Pete Hartman wrote:

> >But in real life, the spoofing machine would never be requested to respond
> >to arp anyway, because in real life the spoofer should be on the other side
> >of your firewall router. If the spoofer and spoofee are on the same
> >ethernet then there are serious internal problems that go beyond the
> >scope of firewalls!!
>
> But such problems are the stock-in-trade of those of us at Universities.

absolutely! take that 386sx junker in the corner, slap two ethernet cards
in it and run drawbridge from TAMU, or a stripped/hacked down version of
FreeBSD. establish a perimeter based upon subnets, a list of host
addresses, anything.

hell, they can just snoop the wire and pick off your passwords as they fly
by. lots and lots of other problems. establish a perimeter.

jmb

Jonathan M. Bresler  jmb@kryten.atinc.com  | Analysis & Technology, Inc.
                                           | 2341 Jeff Davis Hwy
play go.                                   | Arlington, VA 22202
ride bike. hack FreeBSD.--ah the good life | 703-418-2800 x346