Skip site navigation (1)Skip section navigation (2)
Date:      Thu, 13 Apr 2006 19:24:56 +0300
From:      vladone <>
Subject:   Re: Still ARP Spoof question.
Message-ID:  <>
In-Reply-To: <>
References:  <>

Next in thread | Previous in thread | Raw E-Mail | Index | Archive | Help
Hello hshh,

Thursday, April 13, 2006, 2:44:09 PM, you wrote:

> I have some FreeBSD box, include 4.11, 6.0, 6.1-PRERELEASE.
> They are in the same network, and all compiled with IPFW2 support.
> In that network, there are another server, and not mine. I can't control
> them either.

> One day, maybe one computer was hacked, and sent my server by fake ARP
> packet.
> That's ARP Spoof, but it make a fake gateway to attack my server.

> dmesg can show this message like:
> arp: x.x.x.254 moved from 00:02:b3:52:5d:25 to 02:e0:52:14:37:4a on fxp0
> x.x.x.254 is gateway of that network, and 02:e0:52:14:37:4a is MAC of real
> gateway.
> 00:02:b3:52:5d:25 is fake MAC, 00:11:22:33:44:55 was seen too.

> I tried to use ``arp -S x.x.x.254 02:e0:52:14:37:4a'', and not work. After
> some seconds,
> my server can't communication with gateway.
> I tried to use ipfw2 to deny these packet, ``deny ip from any to any MAC any
> 00:02:b3:52:5d:25 layer2'',
> not work either. Although I tune ``'' from 0 to 1, still
> not work.

> What can I do? I can't touch the switch, can't touch the gateway either. Any
> good idea to help me?
> _______________________________________________
> mailing list
> To unsubscribe, send any mail to
> ""

 I think that, u receive this from kernel anyway, because is an error
 that is processed by kernel. With firewall u can block packets to
 pass throught an interface.
 This is my opinion.

Best regards,

Want to link to this message? Use this URL: <>