Re: Fooling the router

From: Hansang Bae (hbae@xxxxxxxxxx)
Date: Sat Mar 16 2002 - 02:07:05 GMT-3


   
At 11:11 AM 3/15/2002 -0500, Mannan Venkatesan wrote:
>Guys,
>One of my friends brought up a good question and we tested it. Here it goes,
>
>D1-----R1----------R2-----D2
>
>R1 is connected to R2 through a P-t-P serial link. I used the 10.1.1.1/24 address on
>R1's serial interface and R2 had 20.2.2.2/24. R1 has a static route to D2
>(desktop) with next-hop 10.1.1.2 (non-existent address). R2 has a static route to
>D1 with next-hop 20.2.2.1 (non-existent address again).
>
>When I tried to ping D2 from D1, R1 and R2 never changed the source and
>destination address (normal behavior) and it worked with R1 and R2 directly
>connected using totally different network addresses.
>
>Of course this will not work if the routers originate any packets, but they
>don't do any check if the packets are originated from desktops. Is it kind of a
>security hole?

no ip proxy-arp

This should stop this behaviour.

hsb


