Date: Wed, 7 Jul 1999 07:24:51 -0700
From: "Justin Wolf" <jjwolf@bleeding.com>
To: "Josef Karthauser" <joe@pavilion.net>, "Stephen D. Spencer" <bsd-sec@boneyard.lawrence.ks.us>
Cc: <freebsd-security@FreeBSD.ORG>
Subject: RE: your mail
Message-ID: <NDBBLEBGOLOIGCNOJACFAEIHCAAA.jjwolf@bleeding.com>
In-Reply-To: <19990707121408.H30024@pavilion.net>

>> Or a simpler method might be to simply statically add his mac to your ARP
>> table with a non-routable IP address. Had to do this on a Cisco. Rather
>> simple and is quite amusing to observe customer reactions. :)

> That doesn't work! One mac can have multiple IP addresses. All this does
> is to stop anyone else using the unroutable ip address.

Well any IP address outside of their subnet would essentially be unroutable. If you're not using RFC1918 space anywhere, set it to 10.0.0.1 or something - this is generally ignored by other networks' border routers (such as the ISP). You still need to be able to deny an ARP lookup for that MAC that would allow it to resolve to another IP.

Is there no provision in routed or ipfw to filter by MAC address?

-Justin

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message