Date: Wed, 20 May 1998 09:23:40 +0100
From: Karl Pielorz <kpielorz@tdx.co.uk>
To: Doug White <dwhite@resnet.uoregon.edu>
Cc: questions@FreeBSD.ORG
Subject: Re: ARP's - Overriden even if marked 'permanent'?
Message-ID: <3562930C.D55344AD@tdx.co.uk>
References: <Pine.BSF.3.96.980519152409.11841a-100000@gdi.uoregon.edu>
Doug White wrote:

> > Is there any way of using IPFW to block incoming ARP's for addresses I've
> > marked permanent (assuming I know the IP addresses in advance)?
>
> Any reason you don't want the arp entry to get eaten? The assumption
> being that if someone changes the nic in their machine, your machine will
> notice any ARP requests for the MAC and any responses and update itself.
> If two people are gobbling one IP then your BSD box will make a syslog
> note when an ARP request gets two replies.

I thought it would be better from a security point of view (I know it's not 'perfect'), but it would mean that to impersonate one of our existing machines someone would have to change their NIC's MAC to the same as that machine (which is going to be fun unless they disable that machine somehow)...

A number of books I've read recommend doing it for 'critical' devices, e.g. router, bastion hosts etc...

I guess I'll settle for the alternative approach and just get the machine to scream blue murder if any ARP "machine at xxxx" type messages get logged (which on our small static IP network they never should)...

Regards,

Karl
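The "scream blue murder on any ARP conflict message" approach Karl settles for, worked through as an added example (not code from the thread or from FreeBSD): it scans syslog text for the kernel's ARP conflict messages and grades each hit against an inventory of the addresses pinned with `arp -s`. The message wording, the sample log lines and the KNOWN_HOSTS inventory are all assumed or constructed here; the patterns follow later FreeBSD releases and must be adapted to whatever the kernel in use actually logs.

```python
import re

# Constructed syslog lines in the style of FreeBSD's "arp:" kernel messages.
# Wording varies between releases (assumption); adjust PATTERNS to match your kernel.
SAMPLE_LOG = """\
May 20 09:10:01 gw /kernel: arp: 00:50:56:de:ad:01 is using my IP address 192.0.2.1 on fxp0!
May 20 09:12:15 gw /kernel: arp: 192.0.2.10 moved from 00:a0:c9:aa:bb:cc to 00:50:56:de:ad:01 on fxp0
May 20 09:12:16 gw /kernel: arp: 00:50:56:de:ad:01 attempts to modify permanent entry for 192.0.2.10 on fxp0
May 20 09:13:40 gw /kernel: arp: 192.0.2.30 moved from 00:e0:18:01:02:03 to 00:e0:18:04:05:06 on fxp0
May 20 09:14:02 gw /kernel: arp: 192.0.2.10 moved from 00:50:56:de:ad:01 to 00:a0:c9:aa:bb:cc on fxp0
May 20 09:15:00 gw sshd[123]: Accepted publickey for karl from 192.0.2.20
"""

MAC = r"[0-9a-f:]{17}"
PATTERNS = {
    # another station answering for an address this host owns
    "duplicate_ip": re.compile(rf"arp: (?P<mac>{MAC}) is using my IP address (?P<ip>\S+) on (?P<ifn>\w+)"),
    # the cached MAC for an address changed (the "entry got eaten" case)
    "moved": re.compile(rf"arp: (?P<ip>\S+) moved from (?P<old>{MAC}) to (?P<mac>{MAC}) on (?P<ifn>\w+)"),
    # a reply tried to overwrite an entry set with arp -s
    "permanent_clash": re.compile(rf"arp: (?P<mac>{MAC}) attempts to modify permanent entry for (?P<ip>\S+) on (?P<ifn>\w+)"),
}

# Hypothetical inventory of the pinned (permanent) entries on this small static network.
KNOWN_HOSTS = {"192.0.2.1": "00:a0:c9:12:34:56", "192.0.2.10": "00:a0:c9:aa:bb:cc"}


def scan(log_text, known=KNOWN_HOSTS):
    """Return (kind, ip, mac, severity) for every ARP conflict message in log_text.

    critical: a MAC other than the pinned one claims a pinned address
    info:     the pinned MAC re-announced itself (entry moved back)
    warning:  a conflict on an address that is not in the inventory
    """
    alerts = []
    for line in log_text.splitlines():
        for kind, pat in PATTERNS.items():
            m = pat.search(line)
            if not m:
                continue
            ip, mac = m.group("ip"), m.group("mac").lower()
            expected = known.get(ip)
            if expected is None:
                severity = "warning"
            elif mac != expected.lower():
                severity = "critical"
            else:
                severity = "info"
            alerts.append((kind, ip, mac, severity))
    return alerts


def needs_page(alerts):
    """True when at least one alert is critical, i.e. worth waking someone up for."""
    return any(sev == "critical" for _, _, _, sev in alerts)
```

On a box where no ARP conflict message should ever appear, a cron job feeding the last syslog interval through `scan()` and paging on `needs_page()` is enough; the "warning" grade only exists so unpinned addresses are not silently ignored.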