From owner-freebsd-questions@FreeBSD.ORG Wed Apr 5 10:10:14 2006 Return-Path: X-Original-To: freebsd-questions@freebsd.org Delivered-To: freebsd-questions@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 8E0B516A401 for ; Wed, 5 Apr 2006 10:10:14 +0000 (UTC) (envelope-from tedm@toybox.placo.com) Received: from mail.freebsd-corp-net-guide.com (mail.web-strider.com [65.75.192.90]) by mx1.FreeBSD.org (Postfix) with ESMTP id E7F7443D48 for ; Wed, 5 Apr 2006 10:10:13 +0000 (GMT) (envelope-from tedm@toybox.placo.com) Received: from tedwin2k (nat-rtr.freebsd-corp-net-guide.com [65.75.197.130]) by mail.freebsd-corp-net-guide.com (8.11.1/8.11.1) with SMTP id k35AABu20570; Wed, 5 Apr 2006 03:10:11 -0700 (PDT) (envelope-from tedm@toybox.placo.com) From: "Ted Mittelstaedt" To: "Mark Jayson Alvarez" , Date: Wed, 5 Apr 2006 03:10:11 -0700 Message-ID: MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook IMO, Build 9.0.6604 (9.0.2911.0) X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1506 In-Reply-To: <20060405090338.74765.qmail@web51610.mail.yahoo.com> Importance: Normal Cc: Subject: RE: Attacking our pc router at work X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 05 Apr 2006 10:10:14 -0000 >-----Original Message----- >From: owner-freebsd-questions@freebsd.org >[mailto:owner-freebsd-questions@freebsd.org]On Behalf Of Mark Jayson >Alvarez >Sent: Wednesday, April 05, 2006 2:04 AM >To: freebsd-questions@freebsd.org >Subject: Attacking our pc router at work > > >Hi, > > I have one question. What if I change my ip and mac address at >the same time to that of our pcrouter's ip and mac... Will this >going to kick out that router in our network, causing the rest >of the entire lan to be out of service?? Yes. >No one's gonna caught >me right?? That depends. >Arpwatch can only watch if an ip address has moved >to another mac address but not when both ip and mac has moved >to another ip and mac... Do you know any possible solution to this?? > Yes, buy good managed switches and install mac-level filters. People that run dumb hubs or unmanaged switches in a large network are effin idiots in my book. In a small network, like 20 or fewer stations, a savvy admin who has encountered this trick before (ie: someone who has worked college networks since there's always a few smart guys in the fresman dorms who try this every year) can simply start pulling out patch connections from the main hub or switch until the problem goes away. Typically corporate nets don't have these kinds of problems since not many people want to risk getting fired. Ted