On Wed, Nov 20, 2013 at 10:50 PM, Mitar <mitar(a)tnode.com> wrote:
I would be more interested in what happens to the arp
table. Does it grow?
It appears to be staying up-to-date. At this very moment there are 5
obsolete dhcp leases hanging around, but none shows up in
/proc/net/arp
After a week of this, I'm wondering if it's better to dissociate this
stuff entirely from the network logic. Maybe all interfaces should
just be randomized at boot time and/or every 24 hours, no matter what
the network is doing. Seems a lot less complicated.
I'm also now skeptical that a malicious network couldn't work around
any of these tricks as long as you remain in their range. If one
device appears as soon as the other leaves, at the same location, they
can make a good guess that it's still you.