David Magda wrote:
> sam <sam.wun_at_authtec.com> writes:
>
>> Is this a bug? logically the existing PF CARP server should not be
>> interrupted by unauthorized VRRP packet because password is
>> unmatched. I intentionally wide open the PF rules allow all hosts
>> in the LAN can talk to the CARP server. If I drop all unauthorized
>> packets, the existing CARP server has no affected.
>
> Did you use a different ID number for the new CARP server?
>
> Each 'cluster' of CARP servers must have a different ID number. The
> numbers go from 0 to 255. If you don't specify one a default may be
> chosen. Double check the man pages.
>

The simplest form should not rely on the ID number; it should check for authentication the password only. If password is unmatched, there is no reason to continue the communication.
Btw, the ID number can be spoofed VERY easily.

Sam.

Received on Sun Mar 13 2005 - 12:19:35 UTC