[1903] in linux-security and linux-alert archive


[linux-security] Re: Ethernet card addr <-> IP

daemon@ATHENA.MIT.EDU (linux-sec@xencat.demon.co.uk)
Fri Jun 19 03:15:43 1998

Date: Thu, 18 Jun 1998 06:15:43 +0100
From: linux-sec@xencat.demon.co.uk
To: linux-security@redhat.com
Reply-To: William <bill@xencat.demon.co.uk>
Mail-Followup-To: linux-security@redhat.com
In-Reply-To: <199806170613.IAA00804@cave.BitWizard.nl>; from Rogier Wolff on Wed, Jun 17, 1998 at 08:13:09AM +0200
Resent-From: linux-security@redhat.com
Resent-Reply-To: linux-security@redhat.com



On Wed, Jun 17, 1998 at 08:13:09AM +0200, Rogier Wolff wrote:
> Richard Hakim wrote:
> >
> > Hi everyone -
> >
> > Someone I'm working with has a requirement to map ethernet card addresses
> > to unique IP addresses, and then have a Linux IP masquerade server know of
> > this mapping list and not allow any data to pass from any ethernet card
> > that a) it doesn't know about, or b) isn't assigned the right IP.  Ideally
> > it would also log this condition.
>
> Ifconfig your ethernet with the noarp option. Add static (but not
> public) arp entries for your hosts. Bingo!
Except, when someone does ifconfig eth0 hw ether {allowedhwaddress},
changes to the corresponding IP, and bingo, you talk to/use the IP masq server.
I don't know how this would behave with 2 machines on the same
ethernet with the same ip/hw address, but all you would have to do is
wait until one of the allowed hosts is down.
But this is just an example of the problem of people using hw addresses
for things they were not meant for, e.g. access control. Oh, and if they can
do that they can figure out the correct hw/ip pair with tcpdump etc.


>
> 				Roger.



murble

-- 
bill
PGP [1024/5DC6EF85/93E5 E075 6F90 0530-8ECC 7E00 98BD D803]
bill@xencat.demon.co.uk or sometimes W.A.Boughton@herts.ac.uk

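The logging half of the original request (report any card that is unknown or using the wrong IP), sketched as an added example that is not part of the thread: it compares a constructed allow-list with a constructed sample in the layout of /proc/net/arp. The function names, all addresses, and the extra check for one permitted pair showing up on two interfaces are assumptions of this example.

```python
# Constructed allow-list, one "<mac> <ip>" pair per line (values are made up).
ALLOWED = """\
# mac              ip
02:00:00:00:00:0a  192.168.1.10
02:00:00:00:00:0b  192.168.1.11
"""

# Constructed sample in the layout of /proc/net/arp on the gateway.
OBSERVED = """\
IP address    HW type  Flags  HW address         Mask  Device
192.168.1.10  0x1      0x2    02:00:00:00:00:0a  *     eth0
192.168.1.11  0x1      0x2    02:00:00:00:00:FF  *     eth0
192.168.1.12  0x1      0x2    02:00:00:00:00:0b  *     eth0
192.168.1.10  0x1      0x2    02:00:00:00:00:0a  *     eth1
"""

def parse_allowed(text):
    """Return {mac: ip} from '<mac> <ip>' lines, ignoring comments and blanks."""
    table = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line:
            mac, ip = line.split()
            table[mac.lower()] = ip
    return table

def audit(allowed_text, arp_text):
    """Return sorted (reason, ip, mac, device) tuples for entries that break the mapping."""
    allowed = parse_allowed(allowed_text)
    seen_on, findings = {}, []          # seen_on: (ip, mac) -> set of devices
    for line in arp_text.splitlines()[1:]:   # first line is the column header
        f = line.split()
        if len(f) != 6:
            continue
        ip, mac, dev = f[0], f[3].lower(), f[5]
        if mac not in allowed:
            findings.append(("unknown-mac", ip, mac, dev))
        elif allowed[mac] != ip:
            findings.append(("wrong-ip", ip, mac, dev))
        else:
            seen_on.setdefault((ip, mac), set()).add(dev)
    for (ip, mac), devs in seen_on.items():
        if len(devs) > 1:               # same permitted pair on two interfaces
            findings.append(("pair-on-multiple-devices", ip, mac, ",".join(sorted(devs))))
    return sorted(findings)

if __name__ == "__main__":
    for reason, ip, mac, dev in audit(ALLOWED, OBSERVED):
        print(f"{reason:26} ip={ip} mac={mac} dev={dev}")
```

A clean result only shows that the observed pairs match the list; as the reply above points out, a hardware address can be set by the host, so it does not prove which machine sent the traffic.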

-- 
----------------------------------------------------------------------
Please refer to the information about this list as well as general
information about Linux security at http://www.aoy.com/Linux/Security.
----------------------------------------------------------------------

To unsubscribe:
  mail -s unsubscribe linux-security-request@redhat.com < /dev/null

