Subject: ARP-based denial of service attack

Under certain circumstances, an attacker may be able to mount a
denial of service attack against a machine by flooding it with bogus
ARP requests.  This can lead to resource starvation, ultimately
resulting in a kernel panic.

The problem was reported by Apple Computer; for more info, see:
    http://www.securityfocus.com/bid/8689/discussion

A fix has been committed to the OpenBSD 3.2 and 3.3 -stable
branches.  Patches are also available for OpenBSD 3.2 and 3.3.

Patch for OpenBSD 3.2:
    ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.2/common/021_arp.patch

Patch for OpenBSD 3.3:
    ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.3/common/008_arp.patch