Date: Thu, 13 Apr 2006 19:24:56 +0300 From: vladone <vladone@spaingsm.com> To: freebsd-ipfw@freebsd.org Subject: Re: Still ARP Spoof question. Message-ID: <742376878.20060413192456@spaingsm.com> In-Reply-To: <9b6b59500604130444q3e4032cai907919aa77780c52@mail.gmail.com> References: <9b6b59500604130444q3e4032cai907919aa77780c52@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
Hello hshh, Thursday, April 13, 2006, 2:44:09 PM, you wrote: > I have some FreeBSD box, include 4.11, 6.0, 6.1-PRERELEASE. > They are in the same network, and all compiled with IPFW2 support. > In that network, there are another server, and not mine. I can't control > them either. > One day, maybe one computer was hacked, and sent my server by fake ARP > packet. > That's ARP Spoof, but it make a fake gateway to attack my server. > dmesg can show this message like: > arp: x.x.x.254 moved from 00:02:b3:52:5d:25 to 02:e0:52:14:37:4a on fxp0 > x.x.x.254 is gateway of that network, and 02:e0:52:14:37:4a is MAC of real > gateway. > 00:02:b3:52:5d:25 is fake MAC, 00:11:22:33:44:55 was seen too. > I tried to use ``arp -S x.x.x.254 02:e0:52:14:37:4a'', and not work. After > some seconds, > my server can't communication with gateway. > I tried to use ipfw2 to deny these packet, ``deny ip from any to any MAC any > 00:02:b3:52:5d:25 layer2'', > not work either. Although I tune ``net.link.ether.ipfw'' from 0 to 1, still > not work. > What can I do? I can't touch the switch, can't touch the gateway either. Any > good idea to help me? > _______________________________________________ > freebsd-ipfw@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw > To unsubscribe, send any mail to > "freebsd-ipfw-unsubscribe@freebsd.org" I think that, u receive this from kernel anyway, because is an error that is processed by kernel. With firewall u can block packets to pass throught an interface. This is my opinion. -- Best regards, vladone mailto:vladone@spaingsm.com
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?742376878.20060413192456>