[5303] in bugtraq


Re: Redir games with ARP and ICMP

daemon@ATHENA.MIT.EDU (Olaf Seibert)
Tue Sep 23 23:45:59 1997

Date: 	Tue, 23 Sep 1997 18:36:03 +0200
Reply-To: Olaf Seibert <rhialto@POLDER.UBC.KUN.NL>
From: Olaf Seibert <rhialto@POLDER.UBC.KUN.NL>
X-To:         jgoerzen@SOUTHWIND.NET
To: BUGTRAQ@NETSPACE.ORG

John Goerzen wrote:
> Having anticipated such a problem already (in our environment, there are
> many lab machines which have NFS access to user disks on a server.  These
> machines may even be turned OFF which makes it easy for a spoofer to get
> in.), I wrote a short Perl script designed to be run from the system
> startup file.  Basically, it "primes" the ARP cache on Linux with the
> IP and MAC addresses of known machines, setting a flag so that they are
> never removed from the cache and can never be changed.
>
> The config file format is simple -- IP address followed by MAC address,
> separated by whitespace.  Pound at the beginning of a line indicates
> comment.

> This has only been tested on Linux -- people on other platforms may need
> to adjust the parameters to arp in the system call.

Some systems (notably BSD variants) have the arp -f option:

     -f      Causes the file filename to be read and multiple entries to be
             set in the ARP tables.  Entries in the file should be of the form

                   hostname ether_addr [temp] [pub]

             with argument meanings as given above.

-Olaf.
--
___ Olaf 'Rhialto' Seibert      D787B44DFC896063 4CBB95A5BD1DAA96
\X/ It's not easy having a good time    rhialto@polder.ubc.kun.nl
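
The two file formats mentioned in this message can be bridged with a small checker. This is an added example, not code from either poster: it reads the "IP MAC" config format described in the quoted text, rejects malformed or conflicting entries, and writes lines in the `hostname ether_addr` form quoted for `arp -f`. It assumes dotted-quad addresses are used in the hostname field; the function names and sample addresses are made up for illustration.

```python
import ipaddress
import re

MAC_RE = re.compile(r"^[0-9A-Fa-f]{1,2}(:[0-9A-Fa-f]{1,2}){5}$")

# Constructed sample input: IP address, whitespace, MAC address; '#' starts a comment.
SAMPLE = """\
# lab machines (addresses are made up)
192.0.2.11   0:a0:24:44:55:66
192.0.2.10   00:A0:24:11:22:33
192.0.2.10   00:a0:24:11:22:33
"""


def normalize_mac(mac):
    """Return the MAC as six lowercase two-digit octets, or raise ValueError."""
    if not MAC_RE.match(mac):
        raise ValueError(f"malformed MAC address: {mac!r}")
    octets = [int(o, 16) for o in mac.split(":")]
    if octets[0] & 1:
        # Group bit set: broadcast/multicast, never a single host's address.
        raise ValueError(f"not a unicast MAC address: {mac!r}")
    return ":".join(f"{o:02x}" for o in octets)


def parse_static_arp(text):
    """Parse 'IP MAC' lines into {ip: mac}; refuse conflicting pins."""
    table = {}
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split()
        if len(fields) != 2:
            raise ValueError(f"line {lineno}: expected 'IP MAC'")
        ip = str(ipaddress.IPv4Address(fields[0]))  # ValueError if invalid
        mac = normalize_mac(fields[1])
        if table.setdefault(ip, mac) != mac:
            raise ValueError(f"line {lineno}: {ip} already pinned to {table[ip]}")
    return table


def to_arp_f(table):
    """Render 'hostname ether_addr' lines; no temp/pub, so entries are permanent."""
    ordered = sorted(table, key=ipaddress.IPv4Address)
    return "".join(f"{ip} {table[ip]}\n" for ip in ordered)


if __name__ == "__main__":
    print(to_arp_f(parse_static_arp(SAMPLE)), end="")
```

The output can be saved to a file and loaded with `arp -f filename` on systems that have the option. Refusing a second, different MAC for the same IP catches a stale or tampered config before it is pinned.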
