Re: How to protect registered IP addresses

[Hui-Hui Hu <hhui () stardot com>]

Princeton has a piece of code that ARP bombs unregistered hosts. IPs that
are broken get sent an ARP packet with the same IP and an ethernet 
address of 00:00:00:de:ad or something. This is usually enough to disable 
Windows 95 boxes (since they do a RARP call when they boot up to check 
for duplicates) and some other OSes too. This provides a quick filter 
before actually blocking things at the router level, which is more expensive.

Of course the clueful can easily get around this, but hey.

-Tung-Hui Hu / Arc Four / hhui () arcfour com

- - - - - - - - - - - - - - - - -